TableofContents
TitlePage
CopyrightPage
Dedication
Acknowledgments
AbouttheAuthors
AbouttheTechnicalEditor
Introduction
MajorChangesinExchangeServer2016
HowThisBookIsOrganized
ConventionsUsedinThisBook
TheMasteringSeries
Part1:ExchangeFundamentals
Chapter1:PuttingExchangeServer2016inContext
Email'sImportance
WhatIsExchangeServer?
ThingsEveryEmailAdministratorShouldKnow
TheBottomLine
Chapter2:IntroducingtheChangesinExchangeServer2016
GettingtoKnowExchangeServer2016
ExchangeServerArchitecture
Now,WhereDidThatGo?
ClearingUpSomeConfusion
TheBottomLine
Chapter3:UnderstandingAvailability,Recovery,andCompliance
ChangingfromaTechnologytoaBusinessViewpoint
What'sinaName?
ACloserLookatAvailability
StorageAvailability
ComplianceandGovernance
TheBottomLine
Chapter4:VirtualizingExchangeServer2016
VirtualizationOverview
EffectsofVirtualization
VirtualizationRequirements
Operations
DecidingWhentoVirtualize
DecidingWhattoVirtualize
PossibleVirtualizationScenarios
TheBottomLine
Chapter5:IntroductiontoPowerShellandtheExchangeManagementShell
WhyUsePowerShell?
UnderstandingtheCommandSyntax
Object-OrientedUseofPowerShell
PowerShellv3,v4,andv5
TipsandTricks
GettingHelp
TheBottomLine
Chapter6:UnderstandingtheExchangeAutodiscoverProcess
AutodiscoverConcepts
PlanningCertificatesforAutodiscover
TheBottomLine
Part2:GettingExchangeServerRunning
Chapter7:ExchangeServer2016QuickStartGuide
ServerSizingQuickReference
ConfiguringWindows
InstallingExchangeServer2016
Post-installationConfigurationSteps
ConfiguringRecipients
TheBottomLine
Chapter8:UnderstandingServerRolesandConfigurations
TheRolesofServerRoles
ExchangeServer2016ServerRoles
PossibleRoleConfigurations
TheBottomLine
Chapter9:ExchangeServer2016Requirements
GettingtheRightServerHardware
SoftwareRequirements
AdditionalRequirements
TheBottomLine
Chapter10:InstallingExchangeServer2016
BeforeYouBegin
PreparingforExchange2016
GraphicalUserInterfaceSetup
Command-LineSetup
RemovingExchangeServer
TheBottomLine
Chapter11:UpgradesandMigrationstoExchangeServer2016orOffice365
Upgrades,Migrations,Cross-ForestMigrations,andDeployments
FactorstoConsiderbeforeUpgrading
ChoosingYourStrategy
Office365
PerformingaCross-ForestMigration
MovingMailboxes
ImportingDatafromPSTs
TasksRequiredPriortoRemovingLegacyExchangeServers
ExchangeServerDeploymentAssistant
TheBottomLine
Part3:RecipientAdministration
Chapter12:ManagementPermissionsandRole-BasedAccessControl
RBACBasics
ManagingRBAC
DefiningRoles
DistributingRoles
AuditingRBAC
TheBottomLine
Chapter13:BasicsofRecipientManagement
UnderstandingExchangeRecipients
DefiningEmailAddresses
TheBottomLine
Chapter14:ManagingMailboxesandMailboxContent
ManagingMailboxes
MovingMailboxes
DeletingMailboxes
BulkManipulationofMailboxesUsingtheEMS
ManagingMailboxContent
GettingStartedwithMessagingRecordsManagement
TheBottomLine
Chapter15:ManagingMail-EnabledGroups,MailUsers,andMailContacts
UnderstandingMail-EnabledGroups
CreatingandManagingMailContactsandMailUsers
TheBottomLine
Chapter16:ManagingResourceMailboxes
TheUniqueNatureofResourceMailboxes
Exchange2016ResourceMailboxFeatures
CreatingResourceMailboxes
CreatingRoomLists
ConvertingResourceMailboxes
TheBottomLine
Chapter17:ManagingModernPublicFolders
UnderstandingArchitecturalChangesforModernPublicFolders
MovingPublicFolderstoExchangeServer2016
ManagingPublicFolderMailboxes
ManagingPublicFolders
UnderstandingthePublicFolderHierarchy
ComparingPublicFolders,SiteMailboxes,andSharedMailboxes
TheBottomLine
Chapter18:ManagingArchivingandCompliance
IntroductiontoArchiving
BenefitsofArchiving
IndustryBestPractices
ArchivingwithExchangeServer2016
EnablingIn-PlaceArchiving
UnderstandingLitigationandIn-PlaceHold
RequirementsandConsiderations
TheBottomLine
Part4:ServerAdministration
Chapter19:CreatingandManagingMailboxDatabases
GettingtoKnowExchangeServerDatabases
PlanningMailboxDatabaseStorage
ManagingMailboxDatabases
TheBottomLine
Chapter20:CreatingandManagingDatabaseAvailabilityGroups
UnderstandingDatabaseReplicationinExchangeServer2016
ManagingaDatabaseAvailabilityGroup
UnderstandingActiveManager
DAGandDatabaseMaintenance
UnderstandingSiteResiliencyforExchangeServer2016
TheBottomLine
Chapter21:UnderstandingtheClientAccessServices
ClientAccessServicesOverview
NamespacePlanning
ConnectivityforOutlookClients
ConnectivityforNon-OutlookClients
SharingbetweenOrganizations
SecuringExternalAccess
CoexistingwithPreviousExchangeServerVersions
TheBottomLine
Chapter22:ManagingConnectivitywithTransportServices
UnderstandingtheTransportImprovementsinExchangeServer2016
MessageRoutingintheOrganization
SendingandReceivingEmail
MessagesinFlight
UsingExchangeServer2016Antispam/Anti-MalwareTools
TroubleshootingEmailRouting
TheBottomLine
Chapter23:ManagingTransport,DataLossPrevention,andJournalingRules
IntroducingtheExchange2016TransportArchitecture
SettingUpMessageClassifications
SettingUpMailFlow(Transport)Rules
IntroducingDataLossPrevention
IntroducingJournaling
TheBottomLine
Part5:TroubleshootingandOperating
Chapter24:TroubleshootingExchangeServer2016
BasicTroubleshootingPrinciples
GeneralServerTroubleshootingTools
TroubleshootingMailboxServers
TroubleshootingMailFlow
TroubleshootingClientConnectivity
TheBottomLine
Chapter25:BackingUpandRestoringExchangeServer
BackingUpExchangeServer
PreparingtoBackUpandRecovertheExchangeServer
UsingWindowsServerBackuptoBackUptheExchangeServer
UsingWindowsServerBackuptoRecovertheData
RecoverExchangeServerDataUsingAlternativeMethods
RecoveringtheEntireExchangeServer
TheBottomLine
Appendix:TheBottomLine
Chapter1
Chapter2
Chapter3
Chapter4
Chapter5
Chapter6
Chapter7
Chapter8
Chapter9
Chapter10
Chapter11
Chapter12
Chapter13
Chapter14
Chapter15
Chapter16
Chapter17
Chapter18
Chapter19
Chapter20
Chapter21
Chapter22
Chapter23
Chapter24
Chapter25
EndUserLicenseAgreement
ListofIllustrations
Chapter1:PuttingExchangeServer2016inContext
Figure1.1Outlook2016AppointmentschedulingonanExchangeServer2016
mailbox
Figure1.2TheOutlook2016clientInboxonanExchangeServer2016mailbox
Figure1.3OutlookonthewebonanExchangeServer2016mailbox
Figure1.4Exchangedataandtransactionlogs
Figure1.5ActiveDirectoryandExchangeServer
Figure1.6Configuringautomaticupdates
Figure1.7ViewingtheMicrosoftRemoteConnectivityAnalyzer
Chapter2:IntroducingtheChangesinExchangeServer2016
Figure2.1DeployinganEdgeTransportserver
Figure2.2Examiningatransportrule
Chapter3:UnderstandingAvailability,Recovery,andCompliance
Figure3.1ThefourstagesoftheMicrosoftITservicemanagementlifecycle
Chapter4:VirtualizingExchangeServer2016
Figure4.1Alookatvirtualization
Chapter5:IntroductiontoPowerShellandtheExchangeManagementShell
Figure5.1OutputoftheGet-Mailboxcmdlet
Figure5.2Formattingoutputintoaformattedtable
Figure5.3Formattingoutputtoaformattedlist
Figure5.4OnlinehelpforpipeliningusingtheExchangeManagementShell
Figure5.5ViewingtheTipoftheDay
Chapter6:UnderstandingtheExchangeAutodiscoverProcess
Figure6.1CompletingtheinitialOutlookconfigurationusingAutodiscover
Figure6.2UsingtheTestE-mailAutoConfigurationtool
Figure6.3AccessingtheTestE-mailAutoConfigurationtool
Figure6.4TheCertificatesMMCsnap-in
Figure6.5Viewingthedomainstobeincludedinthecertificaterequest
Figure6.6TheCertificateDomainsWizardPage
Figure6.7Selectingservicesthatwillusethecertificate
Figure6.8Viewingcertificateproperties
Chapter7:ExchangeServer2016QuickStartGuide
Figure7.1Settingastaticpagefilefor8GBofRAM
Figure7.2Checkingthedomainandforestfunctionallevels
Figure7.3CheckingforUpdates
Figure7.4SelecttheserverRole
Figure7.5ChoosingtheInstallationlocation
Figure7.6Organizationname
Figure7.7TheSetupCompletedscreen
Chapter8:UnderstandingServerRolesandConfigurations
Figure8.1SelectingtheExchangeServer2016roles
Figure8.2ThewarningmessagewhenanewdatabaseisaddedtoaMailbox
server
Chapter10:InstallingExchangeServer2016
Figure10.1DeterminingwhichdomaincontrollerholdstheSchemaMaster
role
Figure10.2ExchangeconfigurationContainersthatarefoundintheActive
Directoryconfigurationpartition
Figure10.3TheServerRoleSelectionscreen
Chapter12:ManagementPermissionsandRole-BasedAccessControl
Figure12.1TheinteractionamongtheRBACcomponentsforgranting
permissionstoadministrators
Figure12.2HowRBACisusedtograntpermissionstoendusers
Figure12.3ManagingadministratorrolesanduserrolesintheEAC
Figure12.4ViewingrolegroupdetailsintheEAC
Figure12.5ViewingtheuserroleinformationintheEAC
Figure12.6Tabstomanageroles,roleassignmentpolicies,rolegroups,and
scopes
Figure12.7Therelationshipbetweenamanagementroleanditsmanagement
roleentries
Figure12.8TheroleobjectsinActiveDirectory
Figure12.9ThepropertiesfortheMailboxImportExportroleobject
Figure12.10ThemanagementroleentriesfortheMailboxImportExportrole
asseeninADSIEdit
Figure12.11Therelationshipbetweenaparentroleandachildrole
Figure12.12Implementationofanexclusivescope
Figure12.13AroleassignmentobjectiscreatedinActiveDirectorywhenroles
areassigned
Figure12.14AdeeperlookattheroleassignmentobjectinActiveDirectory
Figure12.15Therelationshipbetweenmanagementroleassignments,scopes,
managementroles,andmanagementrolegroups
Figure12.16AdministratoraccountsareaddedtotheADgroupthatrepresents
managementrolegroups
Figure12.17ThelistofmanagementrolegroupsispopulatedintotheEAC
Figure12.18ClicktheAddbuttontoaddamemberofarolegroupintheEAC
Figure12.19Roleassignmentobjectsarealsousedforassigningrolestorole
assignmentpolicies
Figure12.20Checkandunchecktherolesthatyouwanttoaddtoorremove
fromtheroleassignmentpolicy
Figure12.21AuditingRBACchangesusingtheEAC
Chapter13:BasicsofRecipientManagement
Figure13.1Listofaccepteddomains
Figure13.2Creatinganewaccepteddomain
Figure13.3EmailaddresspoliciesforanExchangeServer2016organization
Figure13.4ChanginghowtheSMTPaddressisgenerated
Figure13.5Definingtheemailaddressformatfortheemailaddresspolicy
Figure13.6Namingtheemailaddresspolicy
Figure13.7Conditionsavailableintheemailaddresspolicyrules
Figure13.8Specifyingwordsforaruleinanemailaddresspolicy
Chapter14:ManagingMailboxesandMailboxContent
Figure14.1TheMailboxessectionoftheEAC'sRecipientConfigurationwork
center
Figure14.2IntheMailboxWizard,youcanselectamailboxdatabaseforauser,
aswellasenableanarchivemailboxandassignanaddressbookpolicy
Figure14.3Availablemailboxpermissions
Figure14.4CreatingauseraccountandmailboxfromtheExchange
AdministrationCenter
Figure14.5Generalpropertiespageforamailbox
Figure14.6EmailAddresspropertiesofamailbox
Figure14.7MailboxFeaturespropertiesofamailbox
Figure14.8MessageDeliveryRestrictionsoptions
Figure14.9MoveConfigurationsettings
Figure14.10Optionsforthemigrationbatch
Figure14.11TheMigrationDashboard
Figure14.12MigrationprogressintheMigrationDashboard
Figure14.13Connectingadisconnectedmailbox
Figure14.14Listofthedefaultandpersonalretentiontags
Figure14.15Creatingapersonalretentiontag
Figure14.16Creatingaretentionpolicy
Figure14.17Assigningaretentionpolicytoauser'smailbox
Chapter15:ManagingMail-EnabledGroups,MailUsers,andMailContacts
Figure15.1CreatinganewgroupusingActiveDirectoryUsersandComputers
Figure15.2ViewingthegroupchoicesintheExchangeAdminCenter
Figure15.3OpeningtheNewDistributionGroupwindow
Figure15.4Filtersettingsandconditionsforadynamicdistributiongroup
Figure15.5TheDeliveryManagementwindowofaDistributionGroupobject
Figure15.6Configurationoptionsformoderatedgroups
Figure15.7ConvertingagrouptoauniversalgroupusingActiveDirectory
UsersandComputers
Figure15.8ManaginggroupmembershipfromwithinOutlook
Figure15.9Managinggroupmembershipfromwithinthecontrolpanel
Figure15.10CreatinganewcontactobjectusingActiveDirectoryUsersand
Computers
Figure15.11ContactinformationinActiveDirectoryUsersandComputers
Figure15.12Creatingamail-enabledcontact
Chapter16:ManagingResourceMailboxes
Figure16.1Defininggeneralinformationforaconferenceroommailbox
Figure16.2ViewingroomresourcesintheAddressBookusingOutlook
Figure16.3Enteringtheroomcapacityforaresourcemailbox
Figure16.4ViewingthecustomattributesofroomresourcesintheAddress
BookusingOutlook
Figure16.5Delegatesforaresourcemailbox
Figure16.6BookingOptionsforaresourcemailbox
Figure16.7AvailabilityofresourcemailboxinOutlook
Figure16.8AvailabilityusingroomlistsinOutlook
Chapter17:ManagingModernPublicFolders
Figure17.1ThePublicFolderMailboxesscreen
Figure17.2Creatinganewpublicfoldermailbox
Figure17.3Primaryhierarchypublicfoldermailbox
Figure17.4PublicFolderMailboxproperties
Figure17.5Addinganewpublicfolder
Figure17.6ThePublicfolder'sGeneralpropertiespage
Figure17.7ThePublicfolder'sStatisticspropertiespage
Figure17.8ThePublicfolder'sLimitspropertiespage
Figure17.9Mailflowsettings
Figure17.10Openingthefolderpermissions
Figure17.11Creatinganewfolder
Figure17.12TheOutlookclient'spropertiesdialogboxforapublicfolder
Figure17.13ManagingpublicfolderpermissionsviaOutlook
Chapter18:ManagingArchivingandCompliance
Figure18.1Assigningaretentionpolicytoasinglemailbox
Figure18.2SelecttheCreateAnOn-PremisesArchiveMailboxForThisUser
option
Figure18.3TheExchangeServer2016In-PlaceeDiscovery&HoldConsole
Figure18.4Selectingmailboxes,distributiongroups,andpublicfoldersinthe
In-PlaceeDiscovery&HoldWizard
Figure18.5Definingasearchquery
Figure18.6Definingthemessagetypestosearch
Figure18.7UsingtheIn-PlaceHoldsettingstoplacesearchresultsonhold
Chapter19:CreatingandManagingMailboxDatabases
Figure19.1CreatinganewdatabaseusingtheExchangeAdminCenter
Figure19.2Generalsectionofthemailboxdatabase'spropertiesdialogbox
Figure19.3TheMailboxdatabase'sMaintenancesettings
Figure19.4TheMailboxdatabase'sLimitssettings
Figure19.5QuotalimitinOutlook
Figure19.6QuotalimitinEAC
Figure19.7TheClientSettingspropertiesofamailboxdatabase
Chapter20:CreatingandManagingDatabaseAvailabilityGroups
Figure20.1CreatinganewDAGintheEAC
Figure20.2ExchangeServer2010JBODconfiguration
Figure20.3MailboxdatabasessymmetricallyplacedbetweentheMailbox
servers
Figure20.4Thenetworkbindingorderthatshouldbeinplacebeforeaddinga
MailboxservertoaDAG
Figure20.5Mailboxdatabaselayout
Figure20.6AddingamailboxdatabasetoaMailboxserver
Figure20.7DatabaseoptionsfromtheDetailspaneinEAC
Figure20.8AutomaticReseedconfiguration
Figure20.9Event227showsthataconfigurationchangewasdetected.
Figure20.10Event111showsthatthechangetoPAMiscomplete.
Figure20.11Anattempttocopyremainingtransactionlogfiles
Figure20.12MessagesrequestedromSafetyNet
Figure20.13ExchangeServer2016preferredarchitecture
Figure20.14AsimpleDAG
Figure20.15MultipleDAGs
Chapter21:UnderstandingtheClientAccessServices
Figure21.1Communicationbetweenfrontendandback-endservices
Figure21.2ExchangeServer2016UnifiedMessagingarchitectureandports
Figure21.3Singlenamespaceinasite
Figure21.4Boundnamespaces
Figure21.5Unboundnamespace
Figure21.6HostrecordsforDNSroundrobin
Figure21.7Hardwareloadbalancer
Figure21.8DefaultcertificatesinExchangeServer2016
Figure21.9ASANcertificate
Figure21.10TheNewExchangeCertificateWizard
Figure21.11Assigningservicestoacertificate
Figure21.12TestE-mailAutoConfiguration
Figure21.13OutlookAnywhereFQDN
Figure21.14URLsforOutlookontheweb
Figure21.15Outlookonthewebauthenticationsettings
Figure21.16OutlookWebApppolicy
Figure21.17FileAccesssettingsinanOutlookWebApppolicy
Figure21.18SecuritysettingsfortheDefaultMobile-DeviceMailboxPolicy
Figure21.19MobileDeviceAccessSettings
Figure21.20CalendarsharingoptionsinOutlook
Figure21.21TheSendACalendarViaE-mailsettings
Figure21.22Settingsforcalendarpublishing
Figure21.23Usingareverseproxytosecureaccess
Figure21.24Loadbalancerinaperimeternetwork
Figure21.25CoexistencewithpreviousExchangeServerversions
Chapter22:ManagingConnectivitywithTransportServices
Figure22.1TheMailboxservertransportcomponents
Figure22.2MailflowbetweenDAGmembers
Figure22.3Receiveconnectors
Figure22.4ReceiveconnectorsintheExchangeAdminCenter
Figure22.5DefaultFrontendReceiveconnectorpermissions
Figure22.6SendconnectorintheExchangeAdminCenter
Figure22.7TheIntroductionpageoftheNewSendConnectorwindow
Figure22.8AddingtheRequireTLSEncryptionactiontoatransportrule
Figure22.9ListofacceptedDomains
Figure22.10Creatinganewaccepteddomain
Figure22.11Defaultantimalwaresettings
Chapter23:ManagingTransport,DataLossPrevention,andJournalingRules
Figure23.1AmessageclassificationdisplayedinOutlook2016
Figure23.2Asamplelistofmessageclassifications
Figure23.3LocatingthetransportrulesintheExchangeAdminCenter
Figure23.4TransportruleversionintheEMS
Figure23.5ViewingtheactionsfromtheEAC
Figure23.6Templatestocreatenewtransportrules
Figure23.7TheNewRulewindowforEAC
Figure23.8TheNewRulewindowforEACwithmoreOptions
Figure23.9RulescreatedfromDLPtemplateU.S.PersonallyIdentifiable
Information(PII)Data
Figure23.10OptionsforsensitiveinformationtypePassportNumber(U.S./
U.K.)
Figure23.11TheDLPPolicyFromTemplatewindowfromEAC
Figure23.12PolicyTipforDPLpolicyU.S.FinancialData
Figure23.13ThesensitiveinformationtypescoveredbytheU.S.Financial
transportrule:ScanEmailSentOutside–HighCount
Figure23.14ContentsoftheXMLafterrunningExport-DlpPolicyCollection
Chapter24:TroubleshootingExchangeServer2016
Figure24.1TheloggingdirectoryontheExchangeserver
Figure24.2ViewinganeventfromtheExchangeApplicationlogs
Figure24.3UsingtheTest-ServiceHealthcmdlet
Figure24.4UsingtheQueueViewerinterface
Figure24.5ViewingmessagetrackinginEAC
Figure24.6TrackingmessagesfromtheExchangeAdminCenter
Figure24.7UsingtheTestE-mailAutoConfigurationtool
Figure24.8TheRemoteConnectivityAnalyzer
Chapter25:BackingUpandRestoringExchangeServer
Figure25.1WindowsServerBackuphasbeeninstalled
Figure25.2Selectingtheitemstoincludeinabackup
Figure25.3Selectingtheapplicationtorecover
Figure25.4Searchnameanddescription
Figure25.5TheSearchQueryPage
Figure25.6SearchresultsintheDiscoverySearchMailbox
ListofTables
Chapter3:UnderstandingAvailability,Recovery,andCompliance
Table3.1RAIDConfigurations
Chapter4:VirtualizingExchangeServer2016
Table4.1VirtualizationTerms
Chapter5:IntroductiontoPowerShellandtheExchangeManagementShell
Table5.1PowerShellCommonAliases
Table5.2ShellValuesandOperators
Table5.3InformationOutputforEachGet-HelpView
Chapter9:ExchangeServer2016Requirements
Table9.1MicrosoftOutlookUserTypes
Table9.2ProcessorRecommendationsBasedonNumberofMessagesSentor
ReceivedperMailboxperDay
Table9.3AdditionalMemoryFactorforMailboxServers
Table9.4MemoryRequiredBasedonMailboxSize
Table9.5UserType,DatabaseVolumeIOPS,andMessagesSentandReceived
perDayforExchangeServer2016
Table9.6TaskPermissions
Chapter10:InstallingExchangeServer2016
Table10.1ExchangeServer2016Command-LineInstallationOptions
Table10.2ExchangeServer2016Server-RecoverySetupOptions
Table10.3ExchangeServer2016DelegatedSetupOptions
Table10.4ExchangeServer2016LanguagePackOptions
Chapter11:UpgradesandMigrationstoExchangeServer2016orOffice365
Table11.1ComparisonofExchangeServer2016UpgradeStrategies
Chapter12:ManagementPermissionsandRole-BasedAccessControl
Table12.1CmdletsforManagingtheRBACComponents
Table12.2ImplicitScopeValues
Chapter13:BasicsofRecipientManagement
Table13.1UserMailboxes,MailUsers,andMailContacts
Table13.2Mail-EnabledPublicFoldersandSharedMailboxes
Table13.3EMSCmdletsUsedtoManipulateEmailAddressPolicies
Chapter14:ManagingMailboxesandMailboxContent
Table14.1AccessRightsofMailboxFolders
Table14.2AccessRights(Roles)ofMailboxFolders
Table14.3DefaultMRMPolicyRetentionTags
Chapter15:ManagingMail-EnabledGroups,MailUsers,andMailContacts
Table15.1EMSandPowerShellCmdletsforGroupManagement
Table15.2CommonMail-EnabledGroupProperties
Table15.3ExchangeManagementShellCmdletsforMailContactsandMail
Users
Table15.4UsefulPropertiesofMailContactandMailUserObjects
Chapter16:ManagingResourceMailboxes
Table16.1Recipient-RelatedAttributesforResourceMailboxes
Table16.2BookingOptionsandEMSEquivalents
Table16.3ResourceInformationSettingsandTheirEMSEquivalents
Table16.4EMSParametersofIn-PolicyBookingPolicies
Table16.5EMSParametersofOut-of-PolicyBookingPolicies
Table16.6Set-MailboxCalendarConfigurationParameters
Table16.7AccessRights(Roles)ofCalendarFolders
Chapter18:ManagingArchivingandCompliance
Table18.1DefaultArchiveTags
Chapter20:CreatingandManagingDatabaseAvailabilityGroups
Table20.1ActiveManagerEvaluationofEachDatabaseCopy
Table20.2DB1ReplicationStatus
Table20.3DB2ReplicationStatus
Table20.4DB3ReplicationStatus
Chapter21:UnderstandingtheClientAccessServices
Table21.1CertificateGenerationMethods
Table21.2Forms-BasedAuthenticationLogonFormats
Table21.3PropertiesofanOrganizationRelationship
Table21.4SharingPolicyPermissions
Chapter23:ManagingTransport,DataLossPrevention,andJournalingRules
Table23.1ExchangeServer2016DLP-ScannableFileTypes
Chapter25:BackingUpandRestoringExchangeServer
Table25.1SampleScenarioswithRecoveryGoals
Table25.2Single-ItemRecoveryFeatures
Mastering
Microsoft®ExchangeServer2016
CliftonLeonard
BrianSvidergol
ByronWright
VladimirMeloski
SeniorAcquisitionsEditor:KenyonBrown
DevelopmentEditor:KellyTalbot
TechnicalEditor:JosephNguyen
ProductionEditor:AthiyappanLalithKumar
CopyEditor:KathyGrider-Carlyle
EditorialManager:MaryBethWakefield
ProductionManager:KathleenWisor
ExecutiveEditor:JimMinatel
Proofreader:NancyBell
Indexer:NancyGuenther
ProjectCoordinator,Cover:BrentSavage
CoverDesigner:Wiley
CoverImage:©i3d/Shutterstock
Copyright©2016byJohnWiley&Sons,Inc.,Indianapolis,Indiana
PublishedsimultaneouslyinCanada
ISBN:978-1-119-23205-6
ISBN:978-1-119-23208-7(ebk.)
ISBN:978-1-119-23207-0(ebk.)
ManufacturedintheUnitedStatesofAmerica
Nopartofthispublicationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyany
means,electronic,mechanical,photocopying,recording,scanningorotherwise,exceptaspermittedunderSections
107or108ofthe1976UnitedStatesCopyrightAct,withouteitherthepriorwrittenpermissionofthePublisher,or
authorizationthroughpaymentoftheappropriateper-copyfeetotheCopyrightClearanceCenter,222Rosewood
Drive,Danvers,MA01923,(978)750-8400,fax(978)646-8600.RequeststothePublisherforpermissionshouldbe
addressedtothePermissionsDepartment,JohnWiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030,(201)
748-6011,fax(201)748-6008,oronlineathttp://www.wiley.com/go/permissions.
LimitofLiability/DisclaimerofWarranty:Thepublisherandtheauthormakenorepresentationsorwarrantieswith
respecttotheaccuracyorcompletenessofthecontentsofthisworkandspecificallydisclaimallwarranties,
includingwithoutlimitationwarrantiesoffitnessforaparticularpurpose.Nowarrantymaybecreatedorextended
bysalesorpromotionalmaterials.Theadviceandstrategiescontainedhereinmaynotbesuitableforevery
situation.Thisworkissoldwiththeunderstandingthatthepublisherisnotengagedinrenderinglegal,accounting,
orotherprofessionalservices.Ifprofessionalassistanceisrequired,theservicesofacompetentprofessionalperson
shouldbesought.Neitherthepublishernortheauthorshallbeliablefordamagesarisingherefrom.Thefactthatan
organizationorWebsiteisreferredtointhisworkasacitationand/orapotentialsourceoffurtherinformationdoes
notmeanthattheauthororthepublisherendorsestheinformationtheorganizationorWebsitemayprovideor
recommendationsitmaymake.Further,readersshouldbeawarethatInternetWebsiteslistedinthisworkmay
havechangedordisappearedbetweenwhenthisworkwaswrittenandwhenitisread.
Forgeneralinformationonourotherproductsandservicesortoobtaintechnicalsupport,pleasecontactour
CustomerCareDepartmentwithintheU.S.at(877)762-2974,outsidetheU.S.at(317)572-3993orfax(317)572-
4002.
Wileypublishesinavarietyofprintandelectronicformatsandbyprint-on-demand.Somematerialincludedwith
standardprintversionsofthisbookmaynotbeincludedine-booksorinprint-on-demand.Ifthisbookrefersto
mediasuchasaCDorDVDthatisnotincludedintheversionyoupurchased,youmaydownloadthismaterialat
http://booksupport.wiley.com.FormoreinformationaboutWileyproducts,visitwww.wiley.com.
LibraryofCongressControlNumber:2016946244
TRADEMARKS:Wiley,theWileylogo,andtheSybexlogoaretrademarksorregisteredtrademarksofJohnWiley&
Sons,Inc.and/oritsaffiliates,intheUnitedStatesandothercountries,andmaynotbeusedwithoutwritten
permission.MicrosoftisaregisteredtrademarkofMicrosoftCorporation.Allothertrademarksarethepropertyof
theirrespectiveowners.JohnWiley&Sons,Inc.isnotassociatedwithanyproductorvendormentionedinthis
book.
Thisbookisdedicatedtomyloving,gorgeouswife,Marie,andtomyincredible
inspirationsPierce,Treyden,Gabrielle,Cheyenne,Taylor,Zoe,andTalon.Thank
youforenduringallmylatenightsandcontinuouslyencouragingmethrough
thisjourney.Iloveyouall!
—CliftonLeonard
I'dliketothankmywife,Lindsay;myson,Jack;andmydaughter,Leah,forthe
unendingsupportandDavidElfassyforreachingouttometogetinvolvedwith
thisproject—thankyou!Finally,I'dliketothanktheoriginalExchange“super
team”—Larry,Mike,Carl,George,Dennis,andtheChicagocrew—youguys
helpedmeelevatemygame.
—BrianSvidergol
Idedicatethisbooktomyparentswhounwittinglyputmeonthepathtoworking
withtechnologybyindulgingmeinmyyouth.WhoknewbuyingaCommodore
VIC-20wouldgetitallstarted?Iamthankfulforthatandyoursupportinmany
otherwaysovertheyears.
—ByronWright
Tomylovingfamilywhoalwayssupportsme.
—VladimirMeloski
Acknowledgments
Thankyouonceagain,Microsoft,foragreatreleaseofExchangeServer.Thisisnow
theeighthmajorreleaseofthewell-knownpremiermessagingsystem.Inthisrelease,
wecanseetheeffortandingenuitycometogetherinsolvingcustomerproblemsto
createatrulysuperiorproduct.Congratulations!
Astheteamthatisworkingonthisbookcompletesthefinalstepsrequiredtosendit
totheprinter,Icontinuetobringsomereal-worldexpertiseintothecontent.Ihave
deployedseveralExchangeServer2016infrastructurestodate,butthisproductisso
vastandsobroadthatIcontinuetofinddesignoptions,bestpractices,and
architecturerecommendationsonadailybasis.I'mprettysurethatIwillbeupdating
thecontentuptothelastminute!
WhenIwasapproachedtotakeonthisbook,severalmonthsbeforeExchangeServer
2016wasabouttoreleasetomanufacturing,myreactionwas,“WhataboutDavidand
Jim?”DavidElfassyauthoredthepreviouseditionandhasbeenaninvaluable
contributortotheMicrosoft,andmorespecificallyExchangeServer,community.Prior
toDavid,JimMcBeeauthoredthreepreviouseditionsofthisbookandhasbeenthe
pillaroftheMasteringExchangeServerseries.Iconsiderittobeatruehonortotake
overforDavidElfassyandJimMcBeeastheleadauthorforthisbook,andIhopethat
thiseditionhasadequatelyfollowedthroughontheirtraditions.
Throughoutthebook,wehavetriedtokeepthetoneandlanguagesimilartowhatwas
usedinthepreviouseditionsofthisbook,soifyouarefamiliarwithbothofthese
men'swritingstyle,youshouldfindcomfortinthesepages.Inaddition,wehave
removedsomeoftheintroductorytechnicalinformationfrompreviouseditions,to
reflectthedepthofinitialexperienceofthereaders.
Takingontheresponsibilityofa816-plus-pagemanualisnosimpletaskandnotone
thatcanbeundertakenbyonlyoneperson.Alongtheway,Ihaveinvitedseveral
contributorstothiseffort.Theirknowledgeandexpertisehaveaddedincrediblevalue
tothisbook.Havingwrittenanywherefromseveralparagraphstocompletechapters,
BrianSvidergol,ByronWright,andVladimirMeloskiareExchangeServerguruswho
haveprovidedkeycontentforthisbook.Thesemenarewellrespectedwithinthe
ExchangeServercommunityandareauthorsofMicrosoftOfficialCurriculum,
includingExchangeServer2016.Theyhavebeengreatcontributionstothiseffort.
Thankyou!
Thereisalsoamanwhohaskeptusallhonestandhasbeenthegatekeeperfor
technicalaccuracyinthisbook,andhehashelpedreviseacoupleofchaptersmore
substantially.JosephNguyenagreedtotakeontheresponsibilityoftechnicalreviewer
forthisbookandhasdoneaformidablejob.Iconsideritanhonortohaveworked
withhim!Joseph,thankyou!
ThegreatfolksatWileyhavebeenpatientbeyondbeliefwhenitcomestodeadlines,
content,andoutlinechangesaswellasourever-changinglistofcontributors.They
includeacquisitionseditorKenBrown,developmentaleditorKellyTalbot,and
productioneditorAthiyappanLalithKumar.
Andaspecialacknowledgmenttothoseinmydailylife,myfather,DCLeonard;my
mother,LynetteLeonard;mysister,JaenaPoppe;andmybrothers,Jerry,Adam,and
Jeff:thankyouforalwaysbeingsupportiveofallmyendeavors.
—CliftonLeonard
AbouttheAuthors
CliftonLeonard,MCSE:ExchangeServer,hasmorethan25years'experienceinthe
ITindustryasanengineer,architect,consultant,trainer,andauthor.Cliftonhas
extensiveexperienceconsultingonActiveDirectory,ExchangeServer,LyncandSkype
forBusinessServer,IdentityManagement,Office365,andAzurecloudsolutions.His
clientsincludelargeenergycorporations,K-12schools,universities,technology
manufacturers,financialinstitutions,theUnitedStatesAirForce,andtheDepartment
ofDefense.WhileCliftoncuthisteethonMicrosoftMailonNovellNetwareand
ExchangeServer5.0onDECAlpha,hehasworkedwitheveryversionofExchange
Serversincethen.Hehasalsocontributedasasubjectmatterexperttomultiple
MicrosoftcoursesincludingWindowsDesktop,WindowsServer,ExchangeServer,
SharePointServer,HyperV,IdentityManagement,Office365,andAzure.Helping
organizationsmigratetothelatestversionsofMicrosoftExchangeServerhasalways
beenakeyfocusofClifton'sconsultingcommitments.
BrianSvidergolbuildsMicrosoftinfrastructureandcloudsolutionswithWindows,
MicrosoftExchange,ActiveDirectory,Office365,andrelatedtechnologies.Heholds
theMicrosoftCertifiedTrainer(MCT),MicrosoftCertifiedSolutionsExpert(MCSE)
ServerInfrastructure,andseveralotherMicrosoftandindustrycertifications.Brian
hasauthoredbooksonActiveDirectory,WindowsServer,ExchangeServer,and
relatedinfrastructuretechnologies.HeservedasanMCTAmbassadoratTechEd
NorthAmerica2013andatMicrosoftIgnite2015.Brianworksasasubjectmatter
expert(SME)onmanyMicrosoftOfficialCurriculumcourses,edXcourses,and
Microsoftcertificationexams.Hehasauthoredavarietyoftrainingcontent,blog
posts,andpracticetestquestionsandhasbeenatechnicalreviewerforalargenumber
ofbooks.
ByronWrightistheownerofBTWTechnologySolutionswhereheprovides,
designs,andimplementssolutionsusingExchangeServerandOffice365.Hehasbeen
aconsultant,author,andinstructorfor20years,specializinginExchangeServer,
WindowsServer,Office365,networkdesign,networksecurity,andrelated
technologies.ByronhasbeenaMicrosoftMVPforExchangeServersince2012.
VladimirMeloskiisaMicrosoftMostValuableProfessionalonOfficeServerand
Services,MicrosoftCertifiedTrainer,andconsultant,providingunified
communicationsandinfrastructuresolutionsbasedonMicrosoftExchangeServer,
SkypeforBusiness,Office365,andWindowsServer.Withabachelor'sdegreein
computersciences,Vladimirhasdevotedmorethan20yearsofprofessional
experiencetoinformationtechnology.VladimirhasbeeninvolvedinMicrosoft
conferencesinEuropeandintheUnitedStatesasaspeaker,moderator,proctorfor
hands-onlabs,andtechnicalexpert.Healsohasbeeninvolvedasanauthorand
technicalreviewerforMicrosoftofficialcourses,includingExchangeServer2016,
2013,2010,and2007;Office365;andWindowsServer2012.AsaskilledIT
professionalandtrainer,Vladimirshareshisbestpractices,real-worldexperiences,
andknowledgewithhisstudentsandcolleaguesandisdevotedtoITcommunity
developmentbycollaboratingwithITProanddeveloperusergroupsworldwide.
AbouttheTechnicalEditor
JosephNguyenisaseniorconsultantforMicrosoft.Hehas20yearsofexperience
asasystemadministrator,messagingengineer,ITanalyst,systemsengineer,
consultant,andtrainerprovidingmessaging,communications,andcollaboration
expertiseforawiderangeofcorporationsandinstitutions.Josephcoauthored
ExchangeServer2010Administration:RealWorldSkillsforMCITPCertificationand
BeyondandMCITPSelf-PacedTrainingKit(Exam70-238):DeployingMessaging
SolutionswithMicrosoftExchangeServer2007.
Introduction
Thankyouforpurchasing(orconsideringthepurchaseof)MasteringExchange
Server2016;thisisthelatestinaseriesofMasteringExchangeServerbooksthathave
helpedthousandsofreaderstobetterunderstandMicrosoft'sexcellentmessaging
system.Alongtheway,wehopethatthisseriesofbookshasmadeyouabetter
administratorandallowedyoutosupportyourorganizationstothebestofyour
abilities.
Whenwestartedplanningtheoutlineofthisbookmorethanayearbeforeitsrelease,
ExchangeServer2016appearedtobesimplyaminorseriesofimprovementsover
ExchangeServer2013.Ofcourse,thefurtherweexploredtheproduct,themorewe
foundthatwasnotthecase.ManyoftheimprovementsinExchangeServer2016were
majorimprovements(suchasOutlookontheweb)andsometimesevencomplete
rewrites(suchasinthecaseoftheClientAccessservicesrole)ofhowtheproduct
workedpreviously.
Anotherchallengethenpresenteditself.ThemarketpenetrationofExchangeServer
2013wasfairlydominant,butwefoundthatmanyorganizationsstillrunExchange
Server2010.Therefore,weneededtoexplainthedifferencesfornotonlyExchange
Server2013administratorsbutalsofortheExchangeServer2010administrators.On
theotherhand,ExchangeServer2003reachedend-of-lifeonApril8,2014.Asaresult,
Microsoftnolongerprovidessecurityupdates,offersfreeorpaidsupportoptions,nor
providesupdatedonlinecontentsuchasKBarticlesforExchangeServer2003.
OrganizationswithExchangeServer2003deployedafterApril8,2014,areresponsible
fortheirownsupportoftheproductandaccepttheriskassociatedwiththe
deployment.
Wetookastepbackandlookedatthepreviouseditionsofthebooktofigureouthow
muchofthepreviousmaterialwasstillrelevant.Someofthematerialfromthe
ExchangeServer2013bookisstillrelevantbutneededupdating.Somerequired
completelyrewritingchapterstocovernewtechnologiesintroducedinExchange
Server2016ortechnologiesthathavesincetakenonmoreimportanceindeployments
andmanagement.Wefacedthechallengeofexplainingtwomanagementinterfaces,
ExchangeManagementShellandExchangeAdminCenter,aswellasdescribingthe
newrolesandfeatures.
WestartedworkingwiththeExchangeServer2016codemorethanayearbeforewe
expectedtoreleasethebook.MuchofthebookwaswrittenusingtheRTMcodethat
wasfirstmadeavailableinOctober2015,butaswecontinuedwritingthebook,we
madeupdatesbasedonchangesintroducedinCumulativeUpdate1(March2016).So,
youcansafelyassumewhenreadingthisbookthatitisbasedonthelatestbitsof
ExchangeServer2016thatreleasedinlatesummer2016.Inwritingthisbook,wehad
afewgoalsforthebookandtheknowledgewewantedtoimparttothereader:
Wewantedtoprovideanappropriatecontextfortheroleofmessagingservicesin
anorganization,outliningtheprimaryskillsrequiredbyanExchangeServer
administrator.
WewantedthereadertofeelcomfortablewhenapproachinganExchangeServer
environmentofanysize.Thecontentinthisbookcanassistadministratorsof
smallcompanieswithonlyoneserver,aswellasadministratorswhohandlelarge
ExchangeServerfarms.
Wewantedtheskillsandtaskscoveredinthisbooktobeapplicableto80percent
ofallorganizationsrunningExchangeServer.
Wewantedthebooktoeducatenotonly“newtoproduct”administratorsbutalso
those“newtoversion”administratorswhoareupgradingfromapreviousversion.
WewantedthebooktofamiliarizeadministratorswithOffice365environments
andtheimplementationofhybridcoexistencewithon-premisesExchangeServer
deployments.
Wewantedtoprovidefamiliarreferencesforadministratorsofpreviousversions,
ensuringthatExchangeServer2010and2013administratorscaneasilyfind
equivalentsolutionsinExchangeServer2016.
Microsoftlistenedtotheadviceofmanyofitscustomers,itsinternalconsultantsat
MicrosoftConsultingServices(MCS),MicrosoftCertifiedSystemsEngineers
(MCSEs),MostValuableProfessionals(MVPs),MicrosoftCertifiedSolutionsMasters
(MCSMs),andMicrosoftCertifiedTrainers(MCTs)tofindoutwhatwasmissingfrom
earlierversionsoftheproductandwhatorganizations'needswere.Muchofthiswork
startedevenbeforeExchangeServer2016wasreleased.
MajorChangesinExchangeServer2016
ThisbookcoversthemanychangesinExchangeServer2016indetail,butwethought
wewouldgiveyoualittlesampleofwhatistocomeinthechapters.Asyoucan
imagine,thechangesareonceagainsignificant,consideringthetremendouseffort
thatMicrosoftsinksintotheExchangeServerlineofproducts.ExchangeServerisa
significantgeneratorofrevenueforMicrosoftandisalsoafoundationalservicefor
Office365.Microsofthaseveryreasontocontinueimprovingthismostimpressive
marketleaderofemailandcollaborationservices.
TheprimarychangesinExchangeServer2016sincethelatestrelease(Exchange
Server2013)havecomeinthefollowingareas:
ClientaccessserviceshavebeenintegratedintotheMailboxserverrole,andthe
ClientAccessserverrolehasbeenremoved.
OutlookWebAppisnowknownasOutlookontheweb,isoptimizedfortablets,
andprovidesplatform-specificexperiencesforsmartphones.
MAPIoverHTTPisnowthedefaultprotocolthatOutlookusestocommunicate
withExchange,whichallowsahigherlevelofvisibilityoftransporterrorsand
enhancedrecoverability.
WithSharePointServer2016,youcanenableOutlookonthewebuserstolinkto
andsharedocumentsstoredinOneDriveforBusinessinanon-premises
SharePointserverinsteadofattachingafiletothemessage.
TheHybridConfigurationWizard(HCW)isprovidedasadownloadtosupport
changesintheOffice365serviceandtoprovideamorestabledeploymentand
consistentexperience.
SignificantenhancementsforDataLossPrevention(DLP)havebeenadded.Witha
DLPpolicyandmailflowrules,youcanidentify,monitor,andprotect80different
typesofsensitiveinformation.
PublicfolderintegrationintotheIn-PlaceeDiscoveryandHoldworkflowenable
youtosearchpublicfoldersinyourorganizationandconfigureanIn-PlaceHold
onpublicfolders.
AneweDiscoverysearchtool,calledComplianceSearch,providesimprovedscaling
andperformancecapabilitiessoyoucansearchverylargenumbersofmailboxesin
asinglesearch.
Ofcourse,manymorechangeshavebeenintroducedinExchangeServer2016,butthe
precedingliststandsouttousasthemostnoteworthyimprovements.Chapter2,
“IntroducingtheChangesinExchangeServer2016,”containsanexhaustivelistofall
significantchanges,aswellaschangessincespecificversionsofExchangeServer(for
example,ExchangeServer2010andExchangeServer2013).
HowThisBookIsOrganized
Thisbookconsistsof25chapters,dividedintofivebroadparts.Asyouproceed
throughthebook,you'llmovefromgeneralconceptstoincreasinglydetailed
descriptionsofhands-onimplementation.
Thisbookwon'tworkwellforpractitionersofthetime-wornritualofchapterhopping.
Althoughsomereadersmaybenefitfromreadingoneortwochapters,werecommend
thatyoureadmostofthebookinorder.EvenifyouhaveexperienceasanExchange
Serveradministrator,werecommendthatyoudonotskipanychapter,becausethey
allprovidenewinformationsincethepreviousiterationsofExchangeServer.Onlyif
youalreadyhaveconsiderableexperiencewiththeseproductsshouldyoujumptothe
chapterthatdiscussesindetailtheinformationforwhichyouarelooking.
Ifyouarelikemostadministrators,though,youliketogetyourhandsonthesoftware
andactuallyseethingsworking.Havingaworkingsystemalsohelpsmanypeopleas
theyreadabookorlearnaboutanewpieceofsoftwarebecausethisletsthemtest
newskillsastheylearnthem.Ifthissoundslikeyou,thenstartwithChapter7,
“ExchangeServer2016QuickStartGuide.”Thischapterwilltakeyoubrieflythrough
someofthethingsyouneedtoknowtogetExchangeServerrunning,butnotinalot
ofdetail.Aslongasyou'renotplanningtoputyourquickieserverintoproduction
immediately,thereshouldbenoharmdone.Beforeyouputitintoproduction,
though,westronglysuggestthatyouexploreotherpartsofthisbook.Followingisa
guidetowhat'sineachchapter.
Part1:ExchangeFundamentals
ThispartofthebookfocusesonconceptsandfeaturesofMicrosoft'sWindowsServer
2012R2,ExchangeServer2016,andsomeofthefundamentalsofoperatingamodern
client/serveremailsystem.
Chapter1,“PuttingExchangeServer2016inContext,”isforthoseadministrators
whohavebeenhandedanExchangeServerorganizationbutwhohavenever
managedapreviousversionofExchangeServerorevenanothermailsystem.This
willgiveyousomeofthebasicinformationandbackgroundtohelpyougetstarted
managingExchangeServerand,hopefully,providealittlehistoryandperspective.
Chapter2,“IntroducingtheChangesinExchangeServer2016,”introducesthenew
featuresofExchangeServer2016ascontrastedwithpreviousversions.
Chapter3,“UnderstandingAvailability,Recovery,andCompliance,”helpseven
experiencedadministratorsnavigatesomeofthenewhurdlesthatExchange
Serveradministratorsmustovercome,includingprovidingbettersystem
availability,siteresiliency,backupandrestorationplans,andlegalcompliance.
Thischapterdoesnotcoverdatabaseavailabilitygroupsindetail;instead,that
informationiscoveredinChapter20,“CreatingandManagingDatabase
AvailabilityGroups.”
Chapter4,“VirtualizingExchangeServer2016,”helpsyoudecidewhetheryou
shouldvirtualizesomepercentageofyourservers,asmanyorganizationsare
doing.
Chapter5,“IntroductiontoPowerShellandtheExchangeManagementShell,
focusesonandusesexamplesoffeaturesthatareenabledinPowerShellthrough
theExchangeServer2016managementextensionsforPowerShell.All
administratorsshouldhaveatleastabasicfamiliaritywiththeExchange
ManagementShellextensionsforPowerShellevenifyourarelyusethem.
Chapter6,“UnderstandingtheExchangeAutodiscoverProcess,”helpsyoutocome
uptospeedontheinnerworkingsofthemagicvoodoothatisAutodiscover,a
featurethatgreatlysimplifiestheconfigurationofbothinternalandexternal
clients.
Part2:GettingExchangeServerRunning
Thissectionofthebookisdevotedtotopicsrelatedtomeetingtheprerequisitesfor
ExchangeServerandgettingExchangeServerinstalledcorrectlythefirsttime.While
installingExchangeServercorrectlyisnotrocketscience,gettingeverythingrightthe
firsttimewillgreatlysimplifyyourdeployment.
Chapter7,“ExchangeServer2016QuickStartGuide,”iswhereeveryonelikesto
jumprightinandinstallthesoftware.Thischapterwillhelpyouquicklygeta
singleserverupandrunningforyourtestandlabenvironment.Whileyoushould
notdeployanentireenterprisebasedonthecontentofthisonechapter,itwill
helpyougetstartedquickly.
Chapter8,“UnderstandingServerRolesandConfigurations,”coverstheprimary
servicesthatrunontheExchangeServer:mailboxservices,transportservices,and
clientaccessservices.
Chapter9,“ExchangeServer2016Requirements,”guidesyouthroughthe
requirements(pertainingtoWindowsServer,ActiveDirectory,andprevious
versionsofExchangeServer)thatyoumustmeetinordertosuccessfullydeploy
ExchangeServer2016.
Chapter10,“InstallingExchangeServer2016,”takesyouthroughboththe
graphicaluserinterfaceandthecommand-linesetupforinstallingExchange
Server2016.
Chapter11,“UpgradesandMigrationstoExchangeServer2016orOffice365,
helpsyoudecideontherightmigrationortransitionapproachforyour
organization.Itrecommendsstepstotaketoupgradeyourorganizationfrom
ExchangeServer2010or2013toExchangeServer2016ortoOffice365.Also
includedinthischapterarerecommendationsformigrationphasesandhybrid
coexistencewithOffice365.
Part3:RecipientAdministration
Recipientadministrationgenerallyendsupbeingthemosttime-consumingportionof
ExchangeServeradministration.Recipientadministrationincludescreatingand
managingmailboxes,managingmailgroups,creatingandmanagingcontacts,and
administeringpublicfolders.
Chapter12,“ManagementPermissionsandRole-BasedAccessControl,”introduces
oneofthemostpowerfulfeaturesofExchangeServer2016,Role-BasedAccess
Control,whichenablesextremelydetaileddelegationofpermissionsforall
ExchangeServeradministrativetasks.Thisfeaturewillbeofgreatvaluetolarge
organizations.
Chapter13,“BasicsofRecipientManagement,”introducesyoutosomeconcepts
youshouldconsiderbeforeyoustartcreatingusers,includinghowemailaddresses
aregeneratedandhowrecipientsshouldbeconfigured.
Chapter14,“ManagingMailboxesandMailboxContent,”isatthecoreofmost
ExchangeServeradministrators'jobssincethemailboxesrepresentthedirect
customer(theenduser).Thischapterintroducestheconceptsofmanaging
mailboxes,mailboxdata(suchaspersonalarchives),andmailboxdataretention.
Chapter15,“ManagingMail-EnabledGroups,MailUsers,andMailContacts,”
coversmanagementoftheseobjects,includingcreatingthem,assigningemail
addresses,securinggroups,andallowingforself-servicemanagementofgroups,
anditoffersguidelinesforcreatingcontacts.
Chapter16,“ManagingResourceMailboxes,”discussesakeytaskformost
messagingadministrators.Aresourcecanbeeitheraroom(suchasaconference
room)orapieceofequipment(suchasanoverheadprojector).ExchangeServer
2016makesiteasytoallowuserstoviewtheavailabilityofresourcesandrequest
theuseoftheseresourcesfromwithinOutlookorOutlookontheweb.
Chapter17,“ManagingModernPublicFolders,”introducesyoutothenewpublic
folderstorageandmanagementfeaturesinExchangeServer2016.Althoughpublic
foldersarebeingdeemphasizedinmanyorganizations,otherorganizationsstill
havemassivequantitiesofdatastoredinthem.Microsofthasreinventedpublic
foldersinthislatestreleaseofExchangeServer.
Chapter18,“ManagingArchivingandCompliance,”coversnotonlytheoverall
conceptsofarchivingandhowtherestoftheindustryhandlesarchivingbutalso
theexcitingarchivalandretentionfeatures.
Part4:ServerAdministration
Althoughrecipientadministrationisimportant,administratorsmustnotforgettheir
responsibilitiestoproperlysetuptheExchangeserverandmaintainit.Thissection
helpsintroduceyoutotheconfigurationtasksandmaintenancenecessaryforsomeof
theExchangeServer2016servicesaswellassafelyconnectingyourorganizationto
theInternet.
Chapter19,“CreatingandManagingMailboxDatabases,”helpsfamiliarizeyou
withthechangesinExchangeServer2016withrespecttomailboxdatabase,
storage,andbasicsizingrequirements.Manyexcitingchangeshavebeenmadeto
supportlargedatabasesandtoallowExchangeServertoscaletosupportmore
simultaneoususers.
Chapter20,“CreatingandManagingDatabaseAvailabilityGroups,”isakey
chapterinthisbookthatwillaffectalladministratorsfromsmalltolarge
organizations.ExchangeServer2016reliesheavilyonWindowsFailover
Clusteringforitssiteresilienceandhighavailabilityfunctionalities.Thischapter
coverstheimplementationandmanagementofhighavailabilitysolutions.
Chapter21,“UnderstandingtheClientAccessServices,”introducesyoutothe
criticalclientaccessservicesandtherelatedcomponentsrunningontheMailbox
server.
Chapter22,“ManagingConnectivitywithTransportServices,”bringsyouupto
speedontheTransportservicesthatrunwiththemailboxandclientaccess
services.Thischapterdiscussesmailflowandthetransportpipelineindetail.
Chapter23,“ManagingTransport,DataLossPrevention,andJournalingRules,”
showsyouhowtoimplementafeaturesetthatwasfirstintroducedinExchange
Server2007buthassincebeengreatlyimproved:thetransportrulefeature.This
chapteralsodiscussesmessagejournalingandDataLossPreventionpolicies.
Part5:TroubleshootingandOperating
TroubleshootingandkeepingapropereyeonyourExchangeservers'healthareoften
neglectedtasks.YoumaynotlookatyourExchangeserversuntilthereisanactual
problem.Inthispart,wediscusssometipsandtoolsthatwillhelpyouproactively
manageyourExchangeServerenvironment,ensuringthatyoucantrackdown
problemsaswellasrestoreanypotentiallostdata.
Chapter24,“TroubleshootingExchangeServer2016,”introducesyounotonlyto
troubleshootingthevariouscomponentsofExchangeServer2016butalsotogood
troubleshootingtechniques.Thischapteralsoincludesadiscussionofsomeofthe
ExchangeServer2016built-intools,suchastheExchangeManagementShelltest
cmdletsandtheRemoteConnectivityAnalyzer.
Chapter25,“BackingUpandRestoringExchangeServer,”includesdiscussionson
developingabackupplanforyourExchangeServer2016serversaswellashowto
implementappropriatebackupsolutionsforExchangeServerconfiguration,
databases,logs,andanyotherrelevantinformation.
ConventionsUsedinThisBook
Weusethecode-continuationcharacteronPowerShellcommandstoindicatethatthe
lineoftextispartofapreviouscommandline.
Manyofthescreencapturesinthisbookhavebeentakenfromlabandtest
environments.However,sometimesyouwillseescreencapturesthatcamefroman
actualworkingenvironment.Wehaveobscuredanyinformationthatwouldidentify
thoseenvironments.
AnyexamplesthatincludeIPaddresseshavehadtheIPaddresseschangedtoprivate
IPaddressesevenifwearereferringtoInternetaddresses.
Remember,ExchangeServerisdesignedtohelpyourorganizationdowhatitdoes
better,moreefficiently,andwithgreaterproductivity.Havefun,beproductive,and
prosper!
TheMasteringSeries
TheMasteringseriesfromSybexprovidesoutstandinginstructionforreaderswith
intermediateandadvancedskills,intheformoftop-notchtraininganddevelopment
forthosealreadyworkingintheirfieldandclear,seriouseducationforthoseaspiring
tobecomepros.EveryMasteringbookincludesthefollowing:
Real-WorldScenarios,rangingfromcasestudiestointerviews,thatshowhowthe
tool,technique,orknowledgepresentedisappliedinactualpractice
Skill-basedinstruction,withchaptersorganizedaroundrealtasksratherthan
abstractconceptsorsubjects
Self-reviewtestquestions,soyoucanbecertainyou'reequippedtodothejobright
Part1
ExchangeFundamentals
Chapter1:PuttingExchangeServer2016intoContext
Chapter2:IntroducingtheChangesinExchangeServer2016
Chapter3:UnderstandingAvailability,Recovery,andCompliance
Chapter4:VirtualizingExchangeServer2016
Chapter5:IntroductiontoPowerShellandtheExchangeManagement
Shell
Chapter6:UnderstandingtheExchangeAutodiscoverProcess
Chapter1
PuttingExchangeServer2016inContext
EmailisoneofthemostvisibleservicesthatInformationTechnology(IT)
professionalsprovide;mostorganizationshavebecomedependenton“soft
informationtoruntheirbusiness.Asaresult,usershavedevelopedanattachmentto
emailthatgoesbeyondthehardvalueoftheinformationitcontains.Ifthere'sa
problemwithemail,itaffectsusers'confidenceintheirabilitytodotheirjobs—and
theirconfidenceinIT.
Microsoft'sExchangeServerproductsplayakeyroleinelectronicmessaging,
includingemail.Thischapterisahigh-levelprimeronExchangeServer–basedemail
administrationandgoodadministrationpractices,anditpreparesyoutoputExchange
Server2016intothepropercontext.Anexperiencedemailadministratormaywantto
proceedtomoretechnicalchapters.However,ifyouarenewtothejoborneeda
refresher,ormaybeyoujustwanttoputemailservicesbackintoperspective,this
chapterisforyou!
INTHISCHAPTER,YOUWILLLEARNTO:
Understandemailfundamentals
Identifyemail-administrationduties
Email'sImportance
Ifyou'reresponsibleforelectronicmessaginginyourorganization,noonehastotell
youaboutitssteadilyexpandinguse—youseeevidenceeverytimeyoucheckthe
storagespaceonyourdiskdrivesorneedanadditionaltapetocompletethebackupof
yourmailserver.Thissectiondiscussessomeaspectsofelectronicmailandtheever-
changingnatureofemail.EvenexperiencedExchangeServeradministratorsmaywant
toreviewthissectiontobetterunderstandhowtheirusersandrequirementsare
evolving.
Billionsofemailsaresenteveryday(morethan200billionworldwide,accordingto
researchfirmTheRadicatiGroup).That'salotofemailmessages,onalotofservers—
manyofthemExchangeservers.
Sure,sendingsimpletextemailandfileattachmentsisthemostbasicfunction,but
emailsystems(theclientand/ortheserver)mayalsoperformthefollowingimportant
functions:
Actasapersonalinformationmanager,providingstorageforandaccessto
personalcalendars,personalcontacts,to-doandtasklists,personaljournals,and
chathistories.
Providetheuserwithasingle“pointofentry”formultipletypesofinformation,
suchasvoicemail,faxes,andelectronicforms.
Providesharedcalendars,departmentalcontacts,andothersharedinformation.
Providenotificationsofworkflowprocesses,suchasfinance/accountingactivities,
ITevents(serverstatusinformation),andmore.
Archiveimportantattachments,textmessages,andmanyothertypesof
information.
Allowuserstoaccesstheir“emaildata”throughavarietyofmeans,including
clientsrunningonWindowscomputers,Applecomputers,Unixsystems,web
browsers,mobilephones,andevenaregulartelephone.
Performrecordsmanagementandenablelong-termstorageofimportant
informationorinformationthatmustbearchived.
Enablenear-timecommunicationofsalesandsupportinformationwithvendors
andcustomers.
Thesearejustafewofthetypesofthingsthatanemailsystemmayprovidetotheend
usereitherviatheclientinterfaceorasaresultofsomefunctionrunningonthe
server.
HowMessagingServersWork
Atthecoreofanymessagingsystem,youwillfindacommonsetofbasicfunctions.
Thesefunctionsmaybeimplementedindifferentwaysdependingonthevendoror
eventheversionoftheproduct.ExchangeServerhasevolveddramaticallyoverthe
past20years,anditscurrentarchitectureisalmostnothinglikeExchangeServer4.0
from1996.Commoncomponentsofmostmessagingsystemsincludethefollowing:
Amessagetransportsystemthatmovesmessagesfromoneplacetoanother.
ExamplesincludetheSimpleMailTransportProtocol(SMTP).
Amessagestoragesystemthatstoresmessagesuntilausercanreadorretrieve
them.Messagesmaybestoredinaclient/serverdatabase,asharedfiledatabase,
oreveninindividualfiles.
Adirectoryservicethatallowsausertolookupinformationaboutthemail
system'susers,suchasauser'semailaddress.
Aclientaccessinterfaceontheserverthatallowstheclientstogettotheirstored
messages.Thismightincludeawebinterface,aclient/serverinterface,orthePost
OfficeProtocol(POP).
Theclientprogramthatallowsuserstoreadtheirmail,sendmail,andaccessthe
directory.ThismayincludeOutlook,Outlookontheweb,andamobiledevicesuch
asaWindowsphone,aniPhone,oranAndroiddevice.
Workingintandemwithreal-timeinteractivetechnologies,electronicmessaging
systemshavealreadyproducedasetofimaginativebusiness,entertainment,and
educationalapplicationswithhighpayoffpotential.Allofthisaction,ofcourse,
acceleratesthedemandforelectronicmessagingcapabilitiesandservices.
Mostorganizationsthatdeployanemailsystemusuallydeployadditionalcomponents
fromtheiremailsoftwarevendororthirdpartiesthatextendthecapabilitiesofthe
emailsystemorproviderequiredservices.Theseincludethefollowing:
Integrationwithexistingphonesystemsorenterprisevoicedeploymentstopull
voicemessagesintothemailbox
Message-hygienesystemsthathelpreducethelikelihoodofamaliciousor
inappropriatemessagebeingdeliveredtoauser
Backupandrecovery,disasterrecovery,andbusinesscontinuitysolutions
Messagearchivalsoftwaretoallowforthelong-termretentionandindexingof
emaildata
Electronicformsroutingsoftwarethatmayintegratewithaccounting,orderentry,
orotherline-of-businessapplications
Mailgatewaystoallowdifferingmobiledevices,suchasBlackBerrydevices,to
accessthemailserver,alongwithnativeaccessthroughExchangeActiveSync
Emailsecuritysystemsthatimprovethesecurityofemaildataeitherwhilebeing
transferredorwhilesittingintheuser'smailbox
AlinkloadbalancertobalancetheloadbetweenmultipleInternet-facingservers
orinternalservers
WhatIsExchangeServer?
Initssimplestform,ExchangeServerprovidestheunderlyinginfrastructure
necessarytorunamessagingsystem.ExchangeServerprovidesthedatabasetostore
emaildata,thetransportinfrastructuretomovetheemaildatafromoneplaceto
another,andtheaccesspointstoaccessemaildataviaanumberofdifferentclients.
However,ExchangeServer,whenusedwithotherclientssuchasOutlookorOutlook
ontheweb,turnsthe“mailbox”intoapointofstorageforpersonalinformation
managementsuchasyourcalendar,contacts,tasklists,andanyfiletype.Userscan
sharesomeorallofthisinformationintheirownmailboxwithotherusersonthe
messagesystemandstarttocollaborate.
TheOutlookandOutlookonthewebclientsalsoprovideaccesstopublicfolders.
Publicfolderslooklikeregularmailfoldersinyourmailbox,exceptthattheyareinan
areawheretheycanbesharedbyalluserswithintheorganization.Afoldercanhave
specializedformsassociatedwithittoallowthesharingofcontacts,calendarentries,
orevenotherspecializedforms.Further,eachpublicfoldercanbesecuredsothat
onlycertainuserscanviewormodifydatainthatfolder.
TheUnifiedMessagingfeaturesinExchangeServer2016furtherextendthefunctions
ofExchangeServerinyourorganizationbyallowingyourExchangeServer
infrastructuretoalsoactasyourvoicemailsystemanddirectvoicemailsandmissed-
callnotificationsautomaticallytotheuser'smailbox.
WhileintegratedvoicemailsolutionsarenothingnewforExchangeServercustomers,
Microsoftisnowprovidingthesecapabilitiesoutoftheboxratherthanrelyingon
third-partyproducts.
ExchangeServer2016tightenstheintegrationofcollaborativetoolsinitsintegration
withSkypeforBusinessServer2015,theSkypeforBusinessclient,andtheSkypefor
Businessmobileclient.SkypeforBusinessprovidesacoresetofSessionInitiation
Protocol(SIP)–basedenterprisevoicecapabilitiesthatallowsittoactasaPBXin
manycases.WithExchangeServer,SkypeforBusiness,Outlook,andtheSkypefor
Businessclient,usersenjoyfullUnifiedMessagingwithsoftware-basedtelephony
fromtheircomputer,includingthevoicemailandmissed-callnotificationprovidedby
ExchangeServerandOutlook.Furthermore,SkypeforBusinesscanlogchatand
instant-messageconversationlogstoafolderintheuser'smailbox.ExchangeServer
2016furtherpushesthisintegration,embeddingbasicinstantmessaging(IM)and
presencecapabilitiesintotheOutlookonthewebpremiumexperience.
Thecapabilitiesoftheclientcanbeextendedwiththird-partytoolsandforms-routing
softwaresothatelectronicformscanberoutedthroughemailtousers'desktops.
AboutMessagingServices
Electronicmessagingisfarmorethanemail.Together,ExchangeServer2016andits
clientsperformavarietyofmessaging-basedfunctions.Thesefunctionsincludeemail,
unifiedmessaging,messagerouting,scheduling,andsupportforseveraltypesof
customapplications.Togetherthesefeaturesarecalledmessagingservices.
ManyModesofAccess
Foryears,theonlywaytoaccessyouremailsystemwastouseaWindows,Mac,or
Unix-basedclientandaccesstheemailsystemdirectly.InthecaseofOutlookand
ExchangeServer,thisaccesswasoriginallyintheformofaMAPIclientdirectly
againsttheExchangeserver.AsExchangeServerhasevolved,ithasincludedsupport
forRPCoverHTTP,MAPIoverHTTP,ExchangeWebServices(EWS),andfinally
mobiledeviceaccess(viaActiveSync).ExchangeServer2016doesn'tofferany
radicallynewmodesofmailboxaccessasExchangeServer2007did,butitdoes
provideongoingsupportandrefinementofexistingExchangeServer2007
technologies,suchasExchangeWebServices,thatcanprovideadditionalmechanisms
foraccessingdatainmailboxesandamoveawayfromRPCinclientconnectivityin
favorofOutlookonthewebandmobiledevices.
Outlookontheweb(formerlyOutlookWebAccess)hasevolvedquicklyand,in
ExchangeServer2016,bearsalmostnoresemblancetotheoriginalversionfoundin
ExchangeServer5.0intermsoffeatures,functions,andthelookoftheinterface.
ExchangeServer2016OutlookonthewebisastepbeyondExchangeServer2013.It
expandsthepreviousoptionconfigurationexperienceoftheExchangeControlPanel
(ECP),whichgivesusersamuchgreaterdegreeofcontrolovertheirmailboxes,
contacts,andgroupmemberships.ECPisbuiltintotheOutlookonthewebinterface.
UsingECP,enduserscancreateandjoindistributiongroups(wherepermissionshave
beenassigned),tracktheirownmessagesthroughouttheorganization,andperform
otherfunctionsthatinExchange2010andearlierversionsrequiredhelp-deskorIT
professionalintervention.AnothersignificantfeatureofOutlookonthewebisthe
abilitytousetheweb-basedinterfacewhenworkingofflineandcompletely
disconnectedfromthenetwork.
WithExchangeServer2016,ExchangeActiveSync(EAS)continuestooffersignificant
partnershipswithandcontrolovermobiledevices.ManyvendorshavelicensedEAS
toprovidetheirmobiledeviceswithahigh-performance,full-featuredpushmobile
synchronizationexperiencethatextendsbeyondmobilephonesandintotablet
devices.
Withallofthesemechanismsforretrievingandsendingemail,itisnotunusualfor
userstoaccesstheirmailboxesusingmorethanonedevice.Insomecases,wehave
seenasingleuseraccessinghermailboxfromherdesktopcomputer,hertabletdevice
usingOutlookAnywhere,andherWindowsPhonedevice.
Inmediumandlargeorganizations,thefactthatusersareaccessingtheirmailboxes
frommorethanonedeviceormechanismwillaffectnotonlyhardwaresizingbut
also,potentially,yourlicensingcosts.
HowMessagingServicesAreUsed
Certainly,emailisakeyfeatureofanymessagingsystem,andtheOutlookCalendaris
farbetterthanpreviousversionsofMicrosoft'sappointmentandmeeting-scheduling
software.Outlook2016togetherwithExchangeServer2016introducesevenmore
synergy.Figure1.1andFigure1.2showtheOutlook2016clientCalendarandInboxin
action.
Figure1.1Outlook2016AppointmentschedulingonanExchangeServer2016
mailbox
Figure1.2TheOutlook2016clientInboxonanExchangeServer2016mailbox
Figure1.3showsthenewOutlookontheweb2016webbrowserclient.Outlookonthe
webprovidesthefull,premiumuserexperienceforbrowsersotherthanInternet
Explorer;italsosupportsMacOSXSafari,Firefox,andChrome.Thosecomingfrom
olderversionsofExchangeServerwillimmediatelynoticeacleaner,less-cluttered
interfaceandnewfunctionalitiessuchasOfflineUsage.
Figure1.3OutlookonthewebonanExchangeServer2016mailbox
Emailclientsareexcitingandsexy,buttogetthemostoutofExchangeServer2016
youneedtothrowawayanypreconceptionsyouhavethatmessagingsystemsareonly
foremailandscheduling.Thereallyexcitingapplicationsarenotthosethatusesimple
emailorschedulingbutthosethatarebasedontheroutingcapabilitiesofmessaging
systems.Theseapplicationsbringpeopleandcomputerstogetherforimproved
collaboration.
TheUniversalInbox
Emailsystemsareconvergingwiththeirvoicemailandenterprisevoice-solution
cousins.Theconceptofunifiedmessagingisnothingnewtoemailusers.Forthepast
20years,third-partyvendorshaveincludedemailintegrationtoolsforvoicemail,
networkfaxingsolutions,andthird-partyintegration.However,formost
organizations,integratedvoicemailremainstheexceptionratherthantherule.
ExchangeServer2007introducedintegratedvoice,whichExchangeServer2016
continuestoimprove.
OrganizationswithIP-basedtelephonesystemsortelephonesystemswithanIP
gatewaycaneasilyintegrateauser'svoicemailwiththeExchangeServeruser's
mailbox.TheExchangeServer2016UnifiedMessagingfeatureshandletheinteraction
betweenanorganization'stelephonesystemandExchangeServermailboxes.Inbound
voicemailistransferredintotheuser'smailboxasacross-platform-friendlyMP3file
attachment;thismessageincludesanOutlookorOutlookonthewebformthatallows
theusertoplaythemessage.Aswell,thevoicemailtextcanbetranscribedintothe
bodyoftheemailmessageforquickreadingbytheuserduringmeetingsorrapid
glancingattheInbox.BecausethedefaultformatisMP3inExchangeServer2016(it
wasaWindowsMediafileinExchangeServer2007,usingacustomcodec),thisfile
canbeeasilyplayedonmobiledevicesfromanymanufacturer,allowingeasyon-the-
goaccesstovoicemail.Ashortvoicemailmessagemaybeanywherefrom40KBto75
KBinsize,whereaslongervoicemailmessagesmayrangefrom200KBto500KBin
size.Oneestimatethatisfrequentlyusedforthesizeofavoicemailmessageisaround
5KBpersecondofmessage.
InboundvoicemailincreasesthedemandsonyourExchangeserverfromthe
perspectiveofrequireddiskspaceandpossibleadditionalserverhardware.Asan
administrator,youneedtoconsiderthis.
JusttheFax,Ma'am
InExchangeServer2007,theUnifiedMessagingfeaturesincludedtheout-of-the-
boxcapabilitytocaptureincomingfacsimile(fax)messages.Thereweresome
limitations,butitprovidedgoodbasicfunctionality.Foroutboundfaxcapability,
organizationshadtodeploysomeothersolution,typicallyathird-partyfax
package.
SinceExchangeServer2010,Microsoftmadethedecisiontocutthisfeature.
Whentalkingwiththeproductgroup,it'snothardtofigureoutwhy;theinbound-
onlyfaxfunctionalitywasn'tenoughforthecustomerswhoneededfax
integration.ExchangeServerneededtoeitheraddoutgoingfaxcapabilityandbeef
upitsfeatureset(andloseotherdesiredfunctionality)ordroptheexisting
functionalitybecausethemajorityofExchangeServer2007customersneededa
third-partyproductanyway.Althoughit'salwaysdisappointingtoloseafeature,
mostoftheorganizationswe'vetalkedtodidn'tuseittobeginwith.Wethinkthat
Microsoftdefinitelymadetherightcall,ifyou'llpardonthepun.
ArchitectureandCoreFunctionalityOverview
UnderstandingabitabouthowExchangeServerworksfromanarchitectural
perspectivewillhelpmakeyouabetteradministrator.Youdon'thavetobeableto
reproduceorwriteyourownclient/servermessagingsystem,butithelpstoknowthe
basics.
TheExtensibleStorageEngine
TheExchangeServerdatabaseusesahighlyspecializeddatabaseenginecalledthe
ExtensibleStorageEngine(ESE).Generically,youcouldsayitisalmostlikeSQL
Server,butthisistechnicallynottrue.Itisaclient/serverdatabaseandissomewhat
relationalinnature,butitisdesignedtobeasingle-userdatabase(theExchange
serveritselfistheonlycomponentthatdirectlyaccessesthedata).Further,the
databasehasbeenhighlytunedtostorehierarchicaldata,suchasmailboxes,folders,
messages,andattachments.
Withoutgoingintoalotoftechno-babbleonthedatabasearchitecture,itisimportant
thatyouunderstandthebasicsofwhatthedatabaseisdoing.Figure1.4shows
conceptuallywhatishappeningwiththeESEdatabaseasdataissenttothedatabase.
Instep1,anOutlookclientsendsdatatotheExchangeserver(theInformationStore
service);theInformationStoreserviceplacesthisdatainmemoryandthen
immediatelywritesthedataouttothetransactionlogfilesassociatedwiththat
database.
Figure1.4Exchangedataandtransactionlogs
Thetransactionlogthatisalwayswrittentoisthecurrenttransactionlogforthat
particulardatabase(e00.log,forexample).Eachtransactionlogfileisexactly1MBin
size,sowhenthetransactionlogisfilledup,itisrenamedtothenextsequential
number.Forexample,anoldtransactionlogfilemightbenamedlikethis:
e000004032.log.Weoftengetquestionsaboutthelogicofthetransactionlogs,and
howtheyreservespaceonthedisk,whethertheyareemptyorfull.Aneasywayto
lookatitistocomparealogfiletoacartonofmilk.Whenyouhaveacartonofmilk,it
alwaystakesupthesamespaceinyourfridge,emptyorfull.Thesameistrueofthe
logfiles.Emptylogfiles(currentlogfileandreservedlogfiles)areempty,orpartially
full;therenamed,old,logfilesarefull.However,theytakeupthesameamountof
spaceonthedisk.
Thedata,suchasnewemailmessagesthatentertheorganization,isretainedinRAM
forsomeperiodoftime(maybeaslittleas5secondsormaybeeven60secondsor
more)beforeitisflushedtothedatabasefile.Theactualperiodthatdataisretainedin
memorywilldependonhowmuchcachememoryisavailable,whattypesof
operationsarehappeninginthedata,andhowbusytheserveris.Theimportant
operation,though,istomakesurethatassoonasthedataissenttotheExchange
server,itisimmediatelyflushedtothetransactionlogfiles.Iftheservercrashes
beforethedataiswrittentothedatabasefile,thedatabaseengine(thestoreprocess)
willautomaticallyreadthetransactionlogfilesoncetheserverisbroughtbackupand
comparethemtothedatathat'sstoredinthecorrespondingmailboxdatabases.Any
inconsistencyisresolvedbyreplayingthemissingdataoperationsfromthe
transactionlogsbackintothedatabase,assumingthattheentiretransactionis
present;ifit'snot,theoperationsarenotwritten(andyoucanbeconfidentthatthe
operationwasn'tcompletedatthetimethecrashhappened).Thishelpsensurethat
theintegrityofthemailboxdatabaseispreservedandthathalf-completeddata
operationsaren'twrittenbackintothedatabaseandallowedtocorruptgooddata.
Thetransactionlogfilesareimportantforanumberofreasons.Theyareusedby
Microsoftreplicationtechnologies(asyou'lllearninChapter19,“Creatingand
ManagingMailboxDatabases”),buttheycanalsobeusedindisasterrecovery.The
transactionlogsarenotpurgedoffthelogdiskuntilafullbackupisrun;therefore,
everytransactionthatoccurredtoadatabase(newdata,modifications,moves,
deletes)isstoredinthelogs.Ifyourestorethelastgoodbackuptotheserver,
ExchangeServercanreplayandrebuildallthemissingtransactionsbackintothe
database—providedyouhaveallthetransactionssincethelastfullbackup.
InearlyversionsofExchangeServer,youhadtwoseparatemailstoreobjects:the
storagegroup,whichwasalogicalcontainerthatheldanassociatedsetoftransaction
logs,andthemailboxdatabase,asetoffilesthatheldtheactualpermanentcopiesof
usermailboxes.Youoftenhadmultiplemailboxdatabasesperstoragegroup,meaning
thatonesetoftransactionlogscontainedinterwoventransactiondataformultiple
databases(whichcouldhavedetrimentaleffectsonperformance,space,andbackups).
InExchangeServer2016,youstillhavemailboxdatabases.However,storagegroups
wereremovedinExchangeServer2010;eachmailboxdatabasenowhasitsown
integralsetoftransactionlogfiles.Infact,mailboxdatabases—whichwereonce
tightlycoupledwithspecificservers—canhavecopiesonmultipleserversinthe
organization,evenspreadacrossmultiplesites.Thisfunctionalitywasintroducedby
movingthemailboxdatabasesfromtheServerhierarchytotheOrganization
hierarchy,essentiallyrenderingthemasharedobjectthatcanbecomeactiveonany
serverintheorganization.Thedatabaseavailabilitygroupcontainerisnowavailable
tocontainserversthatparticipateinthereplicationofmailboxdatabaseswitheach
other.
ExchangeandActiveDirectory
WecouldeasilywritetwoorthreechaptersonhowExchangeServerinteractswith
ActiveDirectory,butthebasicswillhavetodofornow.ExchangeServerrelieson
ActiveDirectoryforinformationaboutitsownconfiguration,userauthentication,and
email-specificpropertiesformail-enabledobjectssuchasusers,contacts,groups,and
publicfolders.LookatFigure1.5toseesomeofthedifferenttypesofinteractionsthat
occurbetweenExchangeServerandActiveDirectory.
Figure1.5ActiveDirectoryandExchangeServer
BecausemostoftheExchangeServerconfigurationdataforanExchangeserveris
storedinActiveDirectory,allExchangeServerrolesmustcontactadomaincontroller
torequestitsconfigurationdata;thisinformationisstoredinaspecialpartitionof
ActiveDirectorydatabasecalledtheconfigurationpartition.Theconfiguration
partitionisreplicatedtoalldomaincontrollersintheentireActiveDirectoryforest.
NotethatyoucanhaveonlyasingleExchangeorganizationperActiveDirectory
forest.
EachoftheExchangeServercomponentsusesActiveDirectoryfordifferentthings.
Someofthosefunctionsinclude:
MailboxComponentsFormailboxoperations,ExchangeServermustquery
ActiveDirectorytoauthenticateusers,enumeratepermissionsonmailboxes,look
upindividualmailboxlimits,anddeterminewhichmailboxesareonaparticular
server.Theyalsorequireaccesstoglobalcatalogserverstolookupemail
addressinginformation,distributionlistmembershipinformation,andotherdata
relatedtomessagerouting.
ClientAccessComponentsForclientaccess,ExchangeServerrequiresaccessto
ActiveDirectorytolookupinformationaboutusers,ExchangeActiveSync,and
Outlookonthewebuserrestrictions.
ControllingMailboxGrowth
AsusershavebecomemoresavvyandcompetentatusingOutlookandthefeaturesof
ExchangeServer,andemailmessagesthemselveshavebecomemorecomplex,the
needforemailstoragehasgrown.BackinthedaysofExchangeServer4.0,an
organizationthatgaveitsusersa25MBmailboxwasconsideredgenerous.With
ExchangeServer2003,atypicaluser'smailboxmayhaveastoragelimitof300to500
MB,withpowerusersandVIPsrequiringevenmore.AtTechEd2006,Exchange
Servergurusweretossingabouttheideathatinthefutureadefaultmailboxlimit
wouldbecloserto2GBasusersstartincorporatingUnifiedMessagingfeatures.
Currentdiscussionsnowlookforwardtoandassumeunlimited-sizedmailboxes
withinthenextfewyears.
Weallseeuserswithmailboxsizesinthegigabyterange,butisyourorganization
preparedforatypicaluserwithanunlimitedmailboxsize?Whatsortofconcernswill
youfacewhenyouraverageuserhas25GB,50GB,100GB,orevenunlimitedcontent
(notjustemail!)intheirmailbox?
Certainly,theneedformorediskstoragewillbethefirstfactorthatorganizations
needtoconsider.However,diskstorageisreasonablycheap,andmanylarger
organizationsthataresupportingthousandsofmailboxusersonasingleMailbox
serveralreadyhavemorediskspacethantheycanpracticallyuse.Thisisduetothe
factthattheyrequiremorediskspindlestoaccommodatethenumberof
simultaneousI/Ospersecond(IOPS)thatarerequiredbyalargenumberofusers.
WhileearlyversionsofExchangeServerwereprimarilyperformance-bound
meaningthattheywouldrequiremoredriveperformancebeforetheyrequiredmore
diskcapacity—versionssinceExchangeServer2007havesolidlypushedthattobeing
capacity-bound.Withtheperformancecharacteristicsandcapacitiesofmodern
drives,itbecomesfeasibletoeconomicallyprovisionExchangeServerstoragein
supportoflargemailboxes.
Formostadministratorswithlargeamountsofmailstorage,theprimaryconcernthey
faceistheabilitytoquicklyandefficientlyrestoredataintheeventofafailure.These
administratorsareoftenfacedwithservice-levelagreementsthatbindthemto
maximumrestorationtimes.Ineventhemostoptimalcircumstances,a300GB
mailboxdatabasewilltakesometimetorestorefrombackupmedia.However,these
issueshavelargelybeenmitigatedbytheuseofdatabaseavailabilitygroups(DAGs),
whichensureconstantcopiesofmailboxdatabasesthatresideonotherservers,
essentiallyprovidingaconstantlivebackupofmailboxdatabasesonotherservers,
andinotherdatacenters.
MicrosoftrecommendsthatyoudonotallowanExchangeServermailboxdatabaseto
growlargerthan200GBunlessyouareimplementingcontinuous-replication
technologiesinExchangeServer2016.Ifyouusedatabaseavailabilitygroupsto
replicatedatabasestomultipleservers,themaximumdatabasesizerecommendation
goesup(wayup)to2TB.However,themaximumsupporteddatabasesizeisactually
64TB.Ifyourequiremorethanthemaximumrecommenddatabasestorage,
ExchangeServer2016StandardEditionallowsyoutohaveupto5mailboxdatabases
andExchangeServer2016EnterpriseEditionallowsyoutohaveupto100.
Thesolutioninthepastwastorestraintheusercommunitybypreventingthemfrom
keepingallofthemaildatathattheymightrequireonthemailserver.Thiswasdone
byimposinglowmailboxlimits,implementingmessage-archivalrequirements,
keepingdeleteditemsforonlyafewdays,andkeepingdeletedmailboxesforonlya
fewdays.
However,asUnifiedMessagingdataarrivesinauser'smailboxandusershave
additionalmechanismsforaccessingthedatastoredintheirmailbox,keepingmail
dataaroundlongerisademandandarequirementforyourusercommunity.The
ExchangeServer2016archivemailboxfeaturealsodrivestheneedformorestorage,
asmessagearchivalmovesawayfromthePSTfilesandbackintoExchangeServerin
theformofarchivemailboxes.Thosearchivemailboxescanbesegregatedtoa
dedicatedmailboxdatabaseandbesettoadifferentbackupscheduleandtheirown
setofmanagementpractices.
PersonalFoldersorPSTFiles
Whilewe'reonthesubjectofPSTfiles,let'sdiscussthispeskyfeatureofclient
management.TheOutlookPersonalFolder,orPSTfiles,canbetheverybaneofyour
existence.Outlookallowsuserstocreatealocaldatabase,namedPersonalFolder,in
whichuserscancreatefoldersandarchiveemail.Althoughthisseemslikeagood
featureonthesurface,thereareafewdownsides:
Oncedataisinauser'sPSTfile,you,astheserveradministrator,havelostcontrol
ofit.Ifyoueverhadtofindallcopiesofacertainmessage,perhapsforalawsuit,
youwouldbeoutofluck.PSTscanbecomeamanagementandsecuritynightmare
asdataissuddenlydistributedalloveryournetwork.
ThedatainPSTfilestakeupmorespacethanthecorrespondingdataonthe
server.
ThedefaultlocationforaPSTisthelocalportionoftheuser'sprofile;thismeansit
isstoredonthelocalharddiskoftheircomputerandisnotbackedup.
PSTfilescangetcorrupted,becomemisplaced,orevenbelostentirely.PSTsare
notdesignedforaccessoveranetworkconnection;they'remeanttobeonthelocal
harddrive,whichwastesspace,aswellascomplicatesthebackupand
managementscenarios.
StartingwithExchangeServer2010,PersonalArchivesstoredontheservercanbe
populatedfromPSTfiles,thereforeofferingatruealternativetothosepeskylocal
files.
EmailArchiving
Sometimes,managingamailserverseemslikeaconstantracebetweenITandusers
tokeepusersfromlettingtheirmailboxrunoutofspace.Usersarepackratsand
generallywanttokeepeverything.Ifthereisabusinessreasonforthemtodoso,you
shouldlookatwaystoexpandyouravailablestoragetoaccommodatethem.
However,asdatabasesbecomelargerandlarger,theExchangeserverwillbemore
difficulttomanage.Youmightstartrequiringhundredsandhundredsofgigabytes(or
eventerabytes)ofstorageforemaildatabases.Worsestill,performingbackupsand
datarecoverytakelonger.
ExchangeServer2016providessomearchivingfeatures,suchasthePersonalArchive.
Also,largemailboxescouldbemovedtoanOffice365subscription,inahybrid
coexistencemodel.
Forthoseorganizationsthatarenotoptingtoheadouttothecloudordonotchoose
Office365astheiremailsolution,thisiswhereemailarchivingbecomesuseful.The
lasttimewecounted,severaldozencompanieswereinthebusinessofsupplying
emailarchivingtoolsandservices.Archivingproductsallhavealotoffunctionsin
common,includingtheabilitytokeepdatalongterminemailarchival,toallowthe
userstosearchfortheirowndata,andtoallowauthorizeduserstosearchtheentire
archive.
Ifyoulookathowemailisarchived,archivesystemsgenerallycomeinoneofthree
flavors:
Systemsthatdependonjournalingtoautomaticallyforwardeveryemailsentor
receivedbyspecifiedusersontothearchivesystem.
Systemsthatperformascheduled“crawl”ofspecifiedmailboxes,lookingfor
messagesthatareeligibletobemovedorcopiedtothearchive.
Systemsthatmovedatatothearchivebycopyingthelogfilesfromtheproduction
Mailboxserversandthenreplayingthelogsintothearchive.Thisiscalledlog
shipping.
Eachofthesemethodshasitsadvantagesanddisadvantageswithrespecttousing
storage,providingacompletearchive,anddealingwithperformanceoverhead.
Intheprevioussection,wediscussedbrieflythearchivemailboxasanalternativeto
themanagementofPSTfiles.However,itsabilitygoesbeyondthemanualmoveof
emailmessagestoadedicatedlocationontheserver.Foranyuserwhorequiresemail
archival,aPersonalArchivecanbecreatedforthatuser.Asemailagespastacertain
point,themailismovedfromtheactivemailboxtothearchivemailboxbyusing
ArchivePolicies.Theusercanstillaccessandsearchthearchivemailboxfrom
OutlookontheweborOutlook,though.TheemaildataremainsontheExchange
serverand,therefore,doesnotrequireanadditionalemailarchivalinfrastructure.
Weoftenareaskedifthisinformationcanbemadeavailableoffline;keepinmind
thatitcannot.PersonalArchivescannotbeincludedinOfflineStores(OST)files.This
isbydesign,andwe'rekindofgladthatitworksthisway,becausewearecontinuously
tryingtoreducetheemailfootprintontheclientcomputers.OSTfilesgetverylarge,
veryfast,andcancauseplentyofheadachesaswell.NotethatwithOutlook2013and
Outlook2016,youcanadjusthowmanydays,weeks,months,oryearstosyncoffline.
IfIUseaThird-PartySolution,DoesItMatterHowIArchive?
Everythird-partyarchivalvendorisgoingtotellyouhowtheirproductisbestand
giveyoulongtechnicalreasonswhytheirapproachissomuchbetterthanthe
competition's.Thedirtylittlesecretisthatallthreeapproacheshavetheirpros
andcons:
JournalingisbasedonSMTP.Ifcontentdoesn'trunacrossSMTP,itwon't
getjournaledand,therefore,won'tgetarchived.Journalingisgreatfor
capturingmessagingandcalendaringtrafficthatinvolvesmultiplepartiesor
externalentities,butitwon'tcapturewhathappenstomessagesandother
mailboxdataoncethey'reinthemailbox.Journalingcanalsoplacean
additionalloadontheHubTransportservers,dependingontheamountand
typeofmessagingtrafficyourusersgenerate.
Crawlingcancapturechangesonlyatcertainintervals;itcan'tcaptureevery
singlechange,eventhoughitovercomesmanyofthelimitationsofjournaling.
Forexample,ifoneusersendsamessagetoanotherinviolationofpolicyand
bothhard-deletetheircopyofthemessagebeforethenextcrawlinterval,that
messagewon'tbedetectedandarchived.Themoreoftenyouschedulethe
crawl,themoreofaperformanceimpactyourMailboxserverswillsuffer.
Logshippingisthebestofalloptions;itcaptureseverytransactionand
change,allowingyoutocapturetheentirehistoryofeachobjectwhile
offloadingtheperformancehitfromyourExchangeservers.However,the
ExchangeServerproductteamdoesnotliketheconceptoflogshippingand
triestodiscourageitsuse—mainlybecausetherearevendorswhotrytoinject
databackintoExchangeServerbymodifyinglogs.This,needlesstosay,
resultsinmailboxdatathatwon'tbesupportedbyMicrosoft.
PublicFolders
Theend-userexperienceforpublicfoldershasnotchangedinExchangeServer2016,
thoughthearchitecturehaschangedinrecentyears—mainlythestorageofthepublic
folders,whichisnowinamailboxdatabase,insteadofthepublicfolderdatabase.
Publicfoldersareforcommonaccesstomessagesandfiles.Filescanbedraggedfrom
file-accessinterfaces,suchasFileExplorer,anddroppedintopublicfolders.The
wholeconceptofpublicfoldershasmanyorganizationsinaquandaryastheytryto
figureoutthebestplaceforthesecollaborativeapplications.Increasingly,applications
thatwereonce“bestsuited”forapublicfolderarenowbettersuitedforwebpagesor
portals,suchasSharePointworkspaces.Althoughthewholeconceptofpublicfolders
isperceivedasbeingdeemphasizedsinceExchangeServer2007,Microsoftcontinues
tosupportpublicfolders,andmanyorganizationswillcontinuetofinduseful
applicationsforpublicfoldersfortheforeseeablefuture.
Akeychangeinpublic-folderstorageoccursinExchangeServer2016,onethatfinally
breakstheparadigmofdedicatedpublicfolderdatabasesandpublicfolderreplication.
AlthoughwediscussthischangeinChapter2,“IntroducingtheChangesinExchange
Server2016,”wejustbrieflynoteherethatpublicfoldersarenowstoredinmailbox
databasesandcanbereplicatedasmailboxdatabasecopiesinadatabaseavailability
group.
Youcansetupsortingrulesforapublicfoldersothatitemsinthefolderare
organizedbyarangeofattributes,suchasthenameofthesenderorcreatorofthe
itemorthedatethattheitemwasplacedinthefolder.Itemsinapublicfoldercanbe
sortedbyconversationthreads.Publicfolderscanalsocontainapplicationsbuilton
existingproductssuchasWordorExcelorbuiltwithExchangeServerorOutlook
FormsDesigner,clientorserverscripting,ortheExchangeServerAPIset.Youcanuse
publicfolderstoreplacemanyofthemaddeningpaper-basedprocessesthataboundin
everyorganization.
Foreasyaccesstoitemsinapublicfolder,youcanuseafolderlink.Youcansenda
linktoafolderinamessage.Whensomeonenavigatestothefolderanddouble-clicks
afile,thefileopens.Everyonewhoreceivesthemessageworkswiththesamelinked
attachment,soeveryonereadsandcanmodifythesamefile.Aswithdocument
routing,applicationssuchasMicrosoftWordcankeeptrackofeachperson'schanges
toandcommentsonfilecontents.Ofcourse,youruserswillhavetolearntolivewith
thefactthatonlyonepersoncaneditanapplicationfileatatime.Mostmodernend-
userapplicationswarntheuserwhensomeoneelseisusingthefileandifsoallowthe
usertoopenaread-onlycopyofthefile,whichofcoursecan'tbeedited.
ThingsEveryEmailAdministratorShouldKnow
Theinformationinthissectionissomethingthatweoftenfindevenourownemail
administratorsandhelp-deskpersonnelunawareof.Sometimesthemostimportant
skillanytechnologyadministratorhasisnotaspecificknowledgeofsomethingbut
genericknowledgethattheycanusetoquicklyfindtherightanswer.
ADayintheLifeoftheEmailAdministrator
W
eknowandworkwithalotofemailadministrators,andwecanhonestlysaythatno
twopeoplehavethesamesetoftasksrequiredofthem.YourCEO,directorof
informationtechnology,orevenyoursupervisorisgoingtoaskyoutopullrabbitsout
ofyourhat,sodon'texpecteverydaytobethesameasthelastone.(Andinvestin
somerabbits.)Keepupwithyourtechnologyandsupportingproductssothatyoucan
b
ereadywithanswersorattheveryleastintelligentresponsestoquestions.
DailyAdministrativeTasks
So,whataresometypicaltasksthatyoumayperformaspartofyourdutiesasan
emailadministrator?Thesetaskswilldependonthesizeofyourorganization,the
numberofadministratorsyouhaverunningyourExchangeServerorganization,and
howadministrativetasksaredividedup.
RecipientManagementTasksThesearecertainlythebiggestday-to-daytasks
thatmostExchangeServeradministratorsinmediumandlargeorganizationswill
experience.Recipientmanagementtasksmayinclude:
Assigningamailboxtoauseraccount
Creatingmail-enabledcontacts
Creatingandmanagingmailgroups
Managingmail-enabledobjectpropertiessuchasusers'phonenumbers,
assigningmoreemailaddressestoauser,oradding/removinggroupmembers
BasicMonitoringTasksTheseensurethatyourExchangeserversarehealthy
andfunctioningproperly:
Checkingqueuesforstalledmessages
Verifyingthatthereissufficientdiskspaceforthedatabasesandlogs
Makingsurethatthemessage-hygienesystemisfunctioningandup-to-date
Runningandverifyingdailybackups
Reviewingtheeventlogsforunusualactivity,errors,orwarnings
CheckingPerformanceMonitortogaugehowtheExchangeserversare
performing
DailyTroubleshootingTasksTheseincludethefollowing:
Reviewingnondeliveryreportmessagesandfiguringoutwhysomemailyour
usersaresendingmightnothavebeendelivered
Lookinguperrorsandwarningsthatshowupintheeventlogstodetermineif
theyareseriousandwarrantcorrectiveaction
Lookingatmailflowintheorganizationtoidentifywhydeliverytosome
recipientsistakingalongtime
Security-RelatedTasksSomeoftheseareperformeddaily,whileothersare
performedonlyweeklyormonthly:
Lookingatserverandserviceuptimestoensurethatserversarenotrebooting
unexpectedly
Reviewingtheeventlogsforwarningsthatmayindicateusersare
inappropriatelyaccessingotherusers'data
SavingtheIIS(InternetInformationServices)andSMTPandconnectivitylogs
orevenreviewingtheircontent
EmailClientAdministrationTasksTheseincludethefollowing:
TroubleshootingAutodiscoverconnectivityandclientissues
DiagnosingproblemswithmobileortabletdevicesthatuseExchange
ActiveSyncconnectivity
ApplicationIntegrationTasksTheseareperformedonanas-neededbasisand
mayincludethefollowing:
EstablishinganddiagnosingSMTPconnectivitywithemail-enabledthird-party
applicationssuchaswebservers
Configuring,testing,andtroubleshootingUnifiedMessaginginteroperability
withvoiceandSessionInitiationProtocol(SIP)systems
Configuring,testing,andtroubleshootingconnectivitywithSharePointServer
sitemailboxes
CommunicatingwithYourUsers
Communicatingwithyourusersisprobablyoneofthemostimportantthingsyoudo.
Keepingyourusersinformedanddeliveringgoodcustomerservicearealmostas
importantasdeliveringtheITserviceitself.Keepingusersinformedoffullorpartial
serviceoutagessuchasmobileoriPhonesupportorwebconnectivitymaynotscore
anyimmediatepoints,butusersappreciatehonest,forthrightinformation.Remember
howyoufeltthelasttimeyouwerewaitingforanairplanetoarrivethatkeptonbeing
delayedanddelayed,andalltheairlinecoulddowasbeevasive?
Also,remembertohavemultipleavenuesofcommunicationavailabletoyourusers.
Forexample,youmayneedtogetouttoyourusersthemessagethatyouwillbe
havingdowntimeontheweekend.Postingsonyourcompanyintranetoreventhe
bulletinboardinthecafeteriaoronthewalloftheelevatoraregoodwaystokeep
yourusersinformed.
PreparingReports
MaybewehavejustworkedinlargeITenvironmentsfortoolongnow,butitseemsto
usthatinformationtechnologyismoreandmoreaboutreportsandmetrics.Weare
frequentlyaskedtoprovidereports,statistics,andinformationonusage—not
necessarilyinformationonperformance(howwellthesystemperformedforthe
users)butothertypesofmetrics.Dependingonyourmanagement,youmaybeasked
toprovidethefollowing:
Totalnumberofmailboxesandmailboxsizes
Topsystemusersandtopsource/destinationdomains
Antispamandmessage-hygienestatistics
Diskspaceusageandgrowth
Systemavailabilityreportsindicatinghowmuchunscheduleddowntimemayhave
beenexperiencedduringacertainreportingperiod
Totalnumberofmessagessentandreceivedperday
Averageend-to-endemaildeliverytime
Exchangedoesnotprovideyouwithawaytoeasilyaccessmostofthisdata.The
mailboxstatisticscanbegeneratedusingtheExchangeManagementShell,butmany
ofthesewillactuallyrequireanadditionalreportingproduct,suchasSystemCenter
2012R2.
Somethingthatyoucandotoprepareforareportingrequirementistoensurethat
youarekeepingtwotofourweeks'worthofmessage-trackingandprotocollogs.
ScheduledDowntime,Patches,andServicePacks
Asthediscussionovermovingto“thecloud”becomesmoreprevalentinmost
industries,thecommonargumentthatkeepsoncomingbackinfavorformoving
ExchangeServerservicestosomeversionofExchangeOnlineorOffice365isserver
availability.Noonelikesdowntime,whetheritisscheduledornot.Managementmay
actuallybeholdingyoutoaspecificservice-levelagreement(SLA)thatrequiresyouto
providesomanyhoursofuptimepermonthortoprovideemailservicesduring
certainhours.Unscheduleddowntimeisanythingthathappensduringyourstated
hoursofoperationthatkeepsusersfromaccessingtheiremail.
Evenasmallorganizationcanprovideverygoodavailabilityforitsmailservices,and
withoutlargeinvestmentsinhardware.Goodavailabilitybeginswiththefollowing:
Serverhardwareshouldalwaysbefromareputablevendorandlistedinthe
MicrosoftServerCatalog.
Serverhardwareshouldbeinstalledusingthevendorrecommendedprocedures
andupdatedregularly.Problemswithserversarefrequentlycausedbyoutdated
firmwareanddevicedrivers.
Oncetheserverisinproduction,itshouldnotbeusedasatestbedforother
software.Keepanidenticallyconfiguredserverthatusesthesamehardwarefor
testingupdates.
Don'tunderestimatetheimportanceoftraininganddocumentation.Ingeneral,the
industryformulaforprovidingbetteravailabilityforanysystemistospendmore
moneytopurchaseredundantserversandbuildfailoverclusters.Butoftenbetter
trainingforITpersonnelandasimpleinvestmentinsystemdocumentation,aswellas
systempoliciesandprocedures,canimproveavailability—andforlessmoney.
InternalStaffTrainingIsJustasImportantasYourInfrastructure
CompanyLMNOPinvestedhundredsofthousandsofdollarsintheir
infrastructuretoimproveserveruptime.Threemonthsintotheoperationofthe
newsystem,anuntrainedoperatoraccidentallybroughtdowna15,000-mailbox
databaseavailabilitygroup(DAG)simplybecausehehadbeenaskedtodoatask
hehadneverdonebeforeandtheorganizationdidnothavedocumentationon
howtoproceed.Sokeepinmindthatdocumentation,training,andproceduresare
veryimportantinimprovinguptime.
Eventhebiggestmailboxserversinlargedatabaseavailabilitygroupsneedsome
scheduleddowntime.Evenifitisscheduledintheweehoursofthemorning,
undoubtedlysomeone,somewhere,somehowwillneedaccesswhenyouareworking
onthesystem.Thankfully,theDAGsolutionforhighavailabilityensuresthatusers
maynevernoticethescheduledserverdowntime,sincemailboxservicescanbe
switchedovertoanothermemberserverintheDAG.Thatbeingsaid,whenyouare
drivingyourcarwithnosparetireinthetrunk,youaremorevulnerabletoaflattire.
ThesameistrueoftheDAG,becausewhenamemberserverisofflinefor
maintenance,theDAGlosesapotentialmailboxserverthatiscapableoftakingover
intheeventofserverfailure.
Whenyourscheduleddowntimewillaffectcomponentsthatcanimpactserver
availabilityforyourusers,thatdowntimeshouldbewellcommunicated.Also,you
shoulddocumentyourscheduleddowntimeaspartofyouroperationalplansandlet
yourusercommunityknowabouttheseplans.Thespecifictimewindowfor
maintenanceshouldalwaysbethesame;forsomeorganizations,thismightbe6:30
pmto10:30pmonThursdayoncepermonth,whereasotherorganizationsmight
scheduledowntimefrom11:00pmSaturdayuntil4:00ameverySunday.
Thenumber-onereasonfordowntimeistoapplyupdatesandfixestotheoperating
systemortotheapplicationsrunningontheserver.Microsoftreleasesmonthly
securityupdatesfortheoperatingsystemandapplicationsifvulnerabilitiesare
discovered.Everyfewmonths,MicrosoftreleasesupdatesforExchangeServer2016
thatfixbugsorthatmayevenaddslightfunctionality.NewforExchangeServer2016,
Microsoftusesaquarterlyupdatereleasecycle.Eachquarter,acumulativeupdate
(CU)isreleasedforExchangeServer2016.YoucaninstalltheCUinyour
environmenttoupdateitwiththelatestupdatesandfixes,andyoudonotneedto
installpreviousCUsbeforeyouinstallthelatestCU.
Microsoft'supdatesareusuallydownloadedtoyourserversshortlyaftertheyare
released.TheservercandownloadthemdirectlyfromMicrosoft,ortheycanbe
downloadedfromWindowsSoftwareUpdateService(WSUS),MicrosoftSystem
CenterConfigurationManager2012R2,oranotherthird-partyserverinsideyour
network.Whicheveryouchoose,itisimportantthatyoumakesurethatthemachine
isaserverandnotaworkstation.Forexample,makesuretheautomaticupdates
componentofWindowsServerisconfiguredcorrectly.Figure1.6showstheChange
SettingsoptionsforWindowsUpdate.
Figure1.6Configuringautomaticupdates
ForproductionExchangeservers,youshouldconfiguretheserverwiththeoption
DownloadUpdatesButLetMeChooseWhetherToInstallThem.Thisisanimportant
settingbecauseifyouchoosetheInstallUpdatesAutomatically(Recommended)
option,theserverwillautomaticallyapplyanyupdatewithinadayorsoof
downloadingit.Thisisnotadesirableactionforaproductionmailserver.Instead,you
wanttheservertodownloadtheupdatesandnotifyyouviatheupdatesiconinthe
systemtray.Youcantheninvestigatetheupdatesandscheduleappropriatedowntime
toapplythemmanually.
FindingAnswers
Thistopicdeservesspecialattention.OneofourjobsisworkinginTier3supportfora
largeorganization.Thethingwerespectthemostabouttheadministratorswho
actuallyrunthesystemandhandlethetroubleticketsisthattheydotheirhomework
priortocomingtouswithaproblem.
Toooftentechiesmakeupananswerwhentheyarenotsureaboutsomething.Don't
dothat!Whenyouareaskedaquestionthatyoudon'tknowtheanswerto,itisokay
tosayyoudon'tknowtheanswer—butmakesuretofollowthatupbyindicatingthat
youwillfindtheanswer.Knowingtherightresources(wheretogetanswers)isjustas
importantasthetechnicalknowledgeittakestoimplementtheanswer.Keyplayersin
yourorganizationwillrespectyoumuchmorewhentheyknowthatyouarewillingto
acceptthelimitationsofyourknowledgeandhavetheappropriateresourcestofind
theresolutiontoaproblemortheanswertoaquestion.
HelpfulResources
ExchangeServerhastobeoneofthemostdocumentedanddiscussedproducts(short
ofmaybeWindows)thatMicrosoftproduces.Thismeansthatmostofthequestions
thatwehaveaboutExchangeServercanusuallybeansweredviatherightsearchorby
lookingintherightplace.Themostobviousplacetostartwhenyouhaveaproblemor
aquestionistoperformanInternetsearch,butmanyotherresourcesareavailable:
ExchangeServerDocumentationThereisaworldoffreeinformationonthe
Internet,butlet'sstartrightonthelocalharddiskofyourExchangeServerorany
placeyouhaveinstalledtheadmintools.Microsofthasdoneanexcellentjobof
providingbetterandbetterdocumentationforExchangeServeroverthepastfew
years.TheExchangeServer2016documentationiscomprehensiveandsoreadable
youwillwonderifitisreallyfromMicrosoft.Alinktothedocumentationcanbe
foundintheinstallationdirectoryofExchangeServer.Lookforthefollowingfile:
C:\ProgramFiles\Microsoft\ExchangeServer\v15\Bin\ExchHelp.url
YoucanalsorunitfromtheMicrosoftExchangeServer2016folderontheStart
menu.EitheroptionwillopenawebbrowserthatnavigatestotheTechNet
referencelibraryforExchangeServer.
ExchangeServerReleaseNotesAnothergoodresourcefor“IwishIhadknown
that”typesofthingsisthereleasenotes.Youshouldbeabletofindalinktothe
releasenoteshere:
C:\ProgramFiles\Microsoft\ExchangeServer\v15\
ExchangeServerForumsIfyouhaveaquestionforwhichyouhavedoneyour
duediligenceinsearchingandresearchingtheproblembutyoudon'thavean
answer,itistimetoasktheworld.AgoodplacetostartistheMicrosoftforums,
alsoknownassocial.technet.microsoft.com.YoucanfindtheExchangeServer
sectionhere:
http://social.technet.microsoft.com/forums/en-US/category/exchangeserver/
Whenyoupostyourquestion,pleasetakeamomenttothinkaboutwhat
informationtheotherreadersaregoingtoneedtoansweryourquestion.
Althoughyoucanpostavaguequestionsuchas“Exchangeisgivingmeanerror,
doingsoisonlygoingtoresultin(atbest)delayswhileotherforumparticipants
havetorequestspecificinformationfromyou.Instead,posttheexacterror
messageandanyerrorcodesyouareseeing.Also,indicate,atminimum,what
versionofthesoftwareyouareusing(includingservicepack),theroleofthe
server,andwhatoperatingsystemyouareusing.
YouHadMeatEHLOThisistheMicrosoftExchangeTeam'sblog.Thisisthe
bestsiteontheInternetforgettingtheinsidescooponhowExchangeServer
works,bestpractices,andthefutureofExchangeServer.Youcanreadarticles
writtenbyExchangeServerdevelopersandCustomerSupportServicesengineers.
Whenchangestotheproductareannounced,orcustomersrequestchangesinthe
product,youwillhearfirstfromtheproductgroupengineersaboutthewaythey
havechosentodealwiththeissue.
http://blogs.technet.com/b/exchange/
MSExchange.OrgWebsiteOneofthebestsitesontheInternetforfree,easy-
to-accesscontentaboutExchangeServeriswww.msexchange.org.Thearticlesare
writtenbyExchangeServergurusfromallovertheworldandareusuallyinthe
formofeasy-to-readandeasy-to-followtutorials.Thereisalsoaforumssection
whereyoucanpostquestionsorreadotherpeople'squestions.
CallingforSupport
Ifyoursystemisdownoryouroperationsareseriouslyhinderedandyoudon'thavea
cluewhattodonext,itistimetocallinthebigguns.Sure,youshoulddosome
Internetsearchestotrytoresolveyourproblem,butInternetnewsgroupsandforums
arenottheplacetogetsupportforbusiness-criticalissues.
MicrosoftProductSupportServices(PSS)isMicrosoft'stechnicalsupport
organization.Itshomepageishttp://support.microsoft.com.Professionalsupport
options(rangingfrompeer-to-peersupporttotelephonesupport)canbefoundatthe
followingURL,whereawebbrowser–basedwizardguidesyouthroughyoursupport
options:
https://gettechsupport.microsoft.com/default.aspx?locale=en-us&supportregion=en-
us&pesid=14886
IfyoudonothaveaMicrosoftPremieragreement,Microsofttelephonesupportmay
seemtobeabitexpensive,butbelieveme,whenanExchangeserverisdownandthe
usersareburningyouineffigyinthecompanyparkinglot,afewhundreddollarsfor
businesshourssupportischeap.
Whenyoucallandgetasupporttechnicianonthephone,don'tbesurprisedor
offendediftheystartatthebeginningandaskyoualotofelementaryquestions.They
havetodouble-checkeverythingyouhavedonebeforetheycanlookintomore
advancedproblems.Frequently,oneofthesebasicquestionswillhelpyoulocatea
problemthatyouwereconvincedwasmorecomplicatedthanitreallywas.Thoughthe
beginningofthecallmaybeunderwhelming,thetechnicianwillstaywithyouonthe
phoneuntiltheproblemisresolvedorsomekindofanacceptableresolutionisputin
place.
WealwaysencouragepeopletocallPSSiftheytrulyneedassistance.ButPSS
engineersarenotmindreaders,nordotheyknoweverybitofExchangeServercode.
YouwilldobothyourselfandthePSSengineerabigfavorifyouhaveallofyourducks
inarowbeforeyoucall.Dothefollowingbeforeyoucall:
Attemptagracefulshutdownandrestartoftheserverinquestion,ifapplicable.
Performacompletebackupifpossible.
Haveacomplete,documentedhistoryofeverythingyouhavedonetosolvethe
problem.Atthefirstsignoftrouble,youshouldstartkeepingachronologicallogof
thethingsyoudidtofixtheproblem.
Findoutifyouareallowedtoinitiatesupportsessionswithremotesupport
personnelthroughatoollikeSkypeforBusiness2015orWebEx.
Beatatelephonethatisphysicallyattheserver'sconsole,orbeinaplacewhere
youcanaccesstheserverremotelyviatheRemoteDesktopclient.Yoursupport
callwillbeverybriefifyoucannotimmediatelybegincheckingthingsforthePSS
engineer.
Havetheusernamesandpasswordsthatwillprovideyouwiththerightlevelof
administrativeaccess.Ifyoudon'thavethose,havesomeonenearbywhocanlog
youin.
Savecopiesoftheeventlogs.BepreparedtosendthesetoPSSifrequested.
Knowthelocationofyourmostrecentbackupandhowtoaccessitwhenneeded.
Keepcopiesofallerrormessages.Don'tparaphrasethemessage.Screencaptures
workgreatinthiscase.PressingAlt+PrintScrn(orusingtheSnippingtool)and
savingthescreencaptureasafileworksgreat,too.Weusuallycreateadocument
withscreencapturesalongwithnotesofwhatweweredoingwhenwesaweach
message.
Bepatient;telephonesupportisaterriblydifficultjob.Alittlekindness,patience,and
understandingonyourpartwillmostcertainlybereturnedbythePSSengineer.
ToolsYouShouldKnow
Outofthebox,ExchangeServerisanexcellentproduct,butsometimesthebase
softwarethatyouinstallcanusesomeassistance.Someofthesetoolsareactually
installedwithExchangeServer,whereasyoumayneedtodownloadothertools.
PowerShellandtheExchangeManagementShellEvenhereintheveryfirst
chapters,weareextollingthevirtuesofPowerShell.PowerShellenablessome
basicWindowsmanagementfunctions,suchasmanagingeventlogsandservices,
tobeperformedviaacommand-lineinterface.Thisinterfaceissimpletouseand
easytolearn,evenforaGUIguy.TheExchangeServerteampioneeredthe
adoptionofPowerShellwhentheybuilttheentireExchangeServer2007
managementinterface,knownastheExchangeManagementShell(EMS),asan
extensiontoPowerShell.ExchangeServer2013andExchangeServer2016
continuetofollowthispattern.
Althoughalmosteverychapterinthisbookwillincludeatleastsomeinformation
aboutusingEMStoperformExchangeServermanagementtasks,wehave
dedicatedallofChapter5,“IntroductiontoPowerShellandtheExchange
ManagementShell,”tohelpingyoulearnyourwayaroundEMS.
ExchangeManagementShellTestCmdletsTheExchangeManagementShell
hasaseriesofcommand-linetoolsthatareverygoodfortestinganddiagnosing
problems.TheseincludetoolsfortestingOutlookonthewebconnectivity,Unified
Messagingconnectivity,Outlookconnectivity,andevenmailflow.Theyare
installedwhenyouinstalltheExchangeServer2016ManagementTools.Formore
information,attheEMSprompt,enterGet-Excommandtest*.
MicrosoftRemoteConnectivityAnalyzer(PreviouslyExchangeRemote
ConnectivityAnalyzer)Availableatwww.testexchangeconnectivity.com,the
RemoteConnectivityAnalyzerislikelygoingtobethemostusefultoolinyour
troubleshootingarsenal.InitiallystartedasasideprojectbytwoMicrosoft
employees,thiswebsiteactsastheultimateconnectivitytroubleshootingcatch-all.
ThebasictroubleshootingscenariosforExchangeServer2016(on-premises)are
showninFigure1.7.
Thoseofyouwhohaveused“analyzers”fromMicrosoftinthepastmayremember
theExchangeBestPracticesAnalyzer(ExBPA).TheRemoteConnectivityAnalyzer
shouldnotbeconfusedwiththeExBPA.Infact,anewversionoftheExBPAhas
notbeenreleasedforExchangeServersinceExchangeServer2010.
Figure1.7ViewingtheMicrosoftRemoteConnectivityAnalyzer
TheBottomLine
Understandemailfundamentals.TogainthebestadvantagefromExchange
Server2016,youshouldhaveagoodgroundingingeneralemailapplicationsand
principles.
MasterItWhattwoapplicationmodelshaveemailprogramstraditionally
used?WhichonedoesExchangeServeruse?Canyounameanexampleofthe
othermodel?
Identifyemail-administrationduties.InstallinganExchangeServersystemis
justthefirstpartofthejob.Onceit'sinplace,itneedstobemaintained.Be
familiarwiththevariousdutiesandconcernsthatwillbeinvolvedwiththecare
andfeedingofExchangeServer.
MasterItWhatarethevarioustypesofdutiesthatatypicalExchangeServer
administratorwillexpecttoperform?
Chapter2
IntroducingtheChangesinExchangeServer2016
Emailclientsusedtobefairlysimpleandtextbased.Emailservershadfew
connectivityoptions,nohigh-availabilityfeatures,andnointegrateddirectory.Then,
beginninginthemid-1990s,wesawabigpushtowardprovidingemailservicetomost
ofourusercommunities.Wealsosawemailgofromanoccasionallyused
conveniencetoabusiness-criticaltool.Businessmanagementandusersdemanded
morefeatures,betteravailability,andmoreconnectivityoptionsastheemailclient
andserverevolved.
MicrosoftreleasedExchangeServer4.0(thefirstversionofExchangeServer)in1996,
andtheproducthasbeenevolvingeversince.ExchangeServer2016istheeighth
majorreleaseoftheExchangeServerfamilyandrepresentscontinuedevolutionofthe
product.Thefeaturesandfunctionsofthisnewreleaseincludenotonlyfeatures
requestedfrommanythousandsofMicrosoft'scustomersbutalsorequirements
sharedinternallyatMicrosoftbyMicrosoftConsultingServicesandtheirownIT
department,whichsupportsmorethan100,000mailboxes.
We'llexplorehowsomeproductfeatureshaveevolvedtothislatestrelease,providing
contextforfunctionalitiesthatwereadded,removed,modified,renamed,or
reinvented.Asofthiswriting,mostExchangeServercustomersarestillusing
ExchangeServer2013ratherthanExchangeServer2016.Therefore,we'llfocusonthe
changesthathavebeenmadetoExchangeServersinceExchangeServer2013.
INTHISCHAPTER,YOUWILLLEARNTO:
UnderstandthechangesinExchangeserverarchitecture
UnderstandthechangesintheExchangeServerroles
GettingtoKnowExchangeServer2016
ItseemsthatweapproachanynewreleaseofExchangeServerwithasenseofboth
excitementandtrepidation.Welookforwardtothenewfeaturesandcapabilitiesthat
areintroducedwithanewerversionoftheproduct.Certainly,thenewsite-resiliency
features,compliancefunctionalities,resourcemanagement,managementfeatures,
andsecurityfeatureswillallowustodeliverbetter,morereliablemessagingservices
toourendusers.
Ontheothersideofthecoinisthefeelingthatwehavetolearnawholenewseriesof
featuresinsideandoutsothatwecanbetterusethem.Sure,weknowExchange
Server2013prettywell,buttherewillbenewdetailstolearnwithExchangeServer
2016.Sometimeswehavetolearntheseimplementationormanagementdetailsthe
hardway.
However,thismilestoneintheevolutionofExchangeServerisagoodone.Wecan't
helpbutbeexcitedaboutlearningaboutthisnewversionandsharingwhatwehave
learned.Wehopethatyouwillfeelthesamesenseofexcitement.Wehavepickeda
top-tenlistofnewfeaturesthatwelikeandhopethatyouwillinvestigatefurtheras
youstarttolearnExchangeServer2016.Someofthesearesummarizedinthis
chapterandmanyoftheseyouwillfindinmoredetailinlaterchapters.
Simplicityofserverroles:MailboxandEdgeTransport
ProxytrafficfromandtoExchangeServer2016
Outlookontheweb(formerlyOutlookWebApp)
MAPIoverHTTPasthedefaultprotocol
DocumentcollaborationwithSharePoint2016andOneDriveforBusiness
WizardforhybridOffice365environments
NewconditionsandactionsforDataLossPrevention(DLP)policies
PublicfoldersupportforIn-PlaceeDiscoveryandIn-PlaceHolds
ComplianceSearchwitheDiscovery
Redesignedarchitectureformailboxsearches
LearntheExchangeManagementShell(andWearSunscreen!)
TothoseofyouwhohavebeenaroundtheInternetlongenoughtorememberthe
“WearSunscreen”email,thatwassupposedlythe1997commencementaddressto
MITgivenbyKurtVonnegutbutwasinrealityacolumnwrittenbytheChicago
Tribune'sMarySchmich,wegiveyou“LearntheManagementShell(andWear
Sunscreen)”tohelpyouprepareforExchangeServer2016,projectmanagement
bestpractices,andtheworldingeneral:
IfwecouldofferyouoneimportanttipwhenlearningExchangeServer2016,
itwouldbethatyoushouldgettoknowtheExchangeManagementShell
(EMS).Sure,itlooksintimidatingandnearlyeverythingyouwilleverneedto
doisintheExchangeAdminCenter.ManyExchangeServerguruswillbackus
uponthevalueandusefulnessoftheEMS,whereastheymightnotagreewith
usonthingssuchasusingreal-timeblocklists,makingfullbackupsdaily,and
keepinglotsoffreediskspaceavailable.
MakeregularExchangeServerdatabackups.
Document.
Don'tbelieveeverythingyoureadfromvendors;theirjobistosellyouthings.
Don'tputoffmaintenancethatmightaffectyouruptime.
Ifyougetintrouble,callforhelpsoonerratherthanlater.Afewhundred
dollarsforaphonecalltoyourvendororMicrosoftProductSupportServices
isbetterthanafewdaysofdowntime.
Shareyourknowledgeandconfigurationinformationwithcoworkers.
Acceptcertaininalienabletruths:diskswillfail,serverswillcrash,userswill
complain,viruseswillspread,andimportantmessageswillsometimesget
caughtinthespamfilter.
Gettoknowyourusersandcommunicatewiththem.
Implementsiteresiliencyandhighavailabilityformailboxesandforpublic
foldermailboxes.
MakeregularbackupsofyourActiveDirectory.
Ifaconsultantistellingyousomethingthatyouknowinyourgutiswrong,
double-checktheirworkorruntheirrecommendationbyanothercolleague.
Secondopinionsandanothersetofeyesarealmostalwayshelpful.
Thinktwice.Clickonce.
ButtrustmeontheEMS.
Inthischapter,wewillcoverthefeaturesofExchangeServer2016notonlytogive
experiencedExchangeServeradministratorstheproperperspectiveonExchange
Server2016butalsotoeducatenewlymintedExchangeServeradministratorsonjust
howpowerfulExchangeServerhasbecome.Somefeatureswe'lldiscussinthis
chapteraren'tbrandnew,buttheyaresokeytotheproductandhavebeensogreatly
improvedinthisreleasethatwearecompelledtomentionthemattheoutset.
ExchangeServerArchitecture
Overthelastseveralreleases,anumberofsignificantchangeshavebeenmadetothe
architectureofExchangeServer.Thesechangespositivelyimprovetheperformance
andscalabilityofExchangeServer,buttheyalsoresultinsomeprettysignificant
differencesintheplatformonwhichyousupportExchangeServer.
WindowsServer2012R2andExchangeServer2016
BecauseofsomeoftheunderlyingrequirementsofExchangeServer2016,youmust
runWindowsServer2012orWindowsServer2012R2.Thefollowingeditionsof
WindowsServerwillsupportExchangeServer2016:
WindowsServer2012StandardEdition
WindowsServer2012DatacenterEdition
WindowsServer2012R2StandardEdition
WindowsServer2012R2DatacenterEdition
ItmayalsobesafetoassumethatExchangeServer2016willalsobesupportedon
WindowsServer2016.However,atthetimeofthiswriting,WindowsServer2016is
stillonlyavailableasatechnicalpreview.Becauseofthis,ExchangeServer2016has
notyetbeenqualifiedonWindowsServer2016.
ExchangeServer2016alsohasseveralotherrequirements.Theserequirements
include:
WindowsManagementFramework4.0
Microsoft.NETFramework4.5.2
AforestfunctionlevelofWindowsServer2008orhigher
AlldomaincontrollersmustberunningWindowsServer2008orlater
ThesupportedOutlookclientsforExchange2016include:
Outlook2016withthelatestservicepacksandupdates
Outlook2013withthelatestservicepacksandupdates
Outlook2010withthelatestservicepacksandupdates
OutlookforMacforOffice365
ThemanagementtoolsforExchangeServer2016canbeinstalledonacomputerthat
hasoneofthefollowingoperatingsystems:
WindowsServer2012StandardorDatacenter
WindowsServer2012R2StandardorDatacenter
Windows1064-bit
Windows8.164-bit
NotethatExchangeServer2016andExchangeServer2007cannotcoexistinthesame
environment.
ToinstallExchangeServer2016withExchangeServer2010,theExchangeServer
2010servermustberunningUpdateRollup11forExchange2010SP3orlater.
ToinstallExchangeServer2016withExchangeServer2013,Exchange2013
CumulativeUpdate10orlatermustbeinstalledonallExchangeServer2013servers
intheorganization.
ServerRoles
ExchangeServer2013hadthreeserverroles:theClientAccessserverrole,theEdge
Transportserverrole,andtheMailboxserverrole.InExchangeServer2016,thereare
nowjusttwoserverroles.TheClientAccessserverrolehasbeenretired.Now,thetwo
serverrolesaretheMailboxserverroleandtheEdgeTransportserverrole.The
MailboxserverroleincludesallofthecomponentsthataClientAccessserverrole
providedwithExchangeServer2013.TheMailboxserverrolenowprovidesthese
services:
ClientAccessprotocols
Transportservice
Mailboxdatabases
Unifiedmessaging
TheEdgeTransportserverroleisdesignedtoenableyoutodeployamessagingserver
inaperimeternetwork,outsideofanActiveDirectoryDomainServices(ADDS)
environment.ThisassistsinminimizingtheattacksurfaceofyourExchange
environment.Italsoassistsbyaddingapointofsecurityformessagesthatinclude
v
irusesandspam,keepingthemoutoftheinternalnetwork.
ExchangeServer2016alsogivesyoutheabilitytoproxytrafficfromanExchange
Server2013environment,aswellasfromExchangeServer2016toExchangeServer
2013.ThisflexibilityenablesyoutocontroltheprocessofmigratingtoExchange
Server2016,suchaswithaphasedmailboxapproach.Itisalsobeneficialfor
interoperabilitybetweenExchangeServer2013andExchangeServer2016becausean
y
mailboxservercanproxyclientstothecorrectserver,regardlessofwhethertheserver
isrunningExchangeServer2013orExchangeServer2016.Wetalkmoreabout
migrationsandinteroperabilityinChapter11,“UpgradesandMigrationstoExchange
Server2016orOffice365.
High-AvailabilityDecisions
High-availabilitydecisionsdonotneedtobemadeatinstallationtime.High
availabilityforExchangeServer2016databasesisaddedincrementallyafterthe
initialdeploymentoftheMailboxserver.ThereisnoclusteredMailboxserver
installationoption;however,administratorscreateDatabaseAvailabilityGroups
(DAGs)toimplementhighavailability.Highavailabilityisdiscussedindetailin
Chapter20,“CreatingandManagingDatabaseAvailabilityGroups.”Mailbox
databasescanbeaddedtodatabaseavailabilitygroupsatanypointinthegame.
Thedatabasescanberemovedfromdatabaseavailabilitygroupsaswell,as
needed.Essentially,thehigh-availabilitydecisionscanbedoneincrementally
afteradeploymenthasoccurredandreversediftheynolongerservetheneedsof
theorganization.ItisimportanttonotethataDAGcancontainonlyserversthat
runthesameversionofExchangeServer.AddinganExchangeServer2016toa
DAGthatcontainsExchangeServer2013serversisnotsupported,andviceversa.
TheMailboxServerRole
TheMailboxserverroleisresponsibleforsomuch,yetchangesinthearchitecture
haveensuredthatitrequiresfewresourcestoperformallitsnecessarytasks.Wewill
discuss,inlaterchapters,thedatabasebenefitswithregardtothedatabaseschema
andmemoryutilizationinExchangeServer2016.Recentimprovementsaredesigned
toenhancetheabilityofaMailboxservertodosomuchmorewithsomuchless.
AnotherverysignificantchangeintheMailboxserverroleisthenumberofClient
Accessfeaturesthatarenowhandledbythisrole.InExchangeServer2016,aMailbox
serverhandlesthedatarenderingforclientrequests,runsalloftheclientaccess
protocols,andstillmaintainsallmailboxes.
TheMailboxserverroleisresponsibleforthefollowingfunctionality(thislistisn't
exhaustive):
Hostsmailboxdatabases
Hostspublicfolderdatabase
Providestransport-relatedservices,includingproxying(notethattransportwas
originallyhandledbyaHubTransportserverrolethatwentawayinExchange
Server2013)
Providesclientconnectivityforallclients(notethatclientaccesswashandledby
theClientAccessserverroleinExchangeServer2013butisnowhandledbythe
MailboxserverroleinExchangeServer2016)
TheEdgeTransportServerRole
Theamountofspam,maliciousemail,andvirusesthatsomeorganizationsreceiveis
staggering.Evensmallorganizationsarereceivingtensofthousandsofpiecesof
spam,dozensofviruses,andhundredsofthousandsofdictionaryspammingattacks
eachweek.Someorganizationsestimatethatmorethan90percentofallinbound
emailisspamorotherunwantedcontent.Keepingthisunwantedcontentawayfrom
yourExchangeserversisimportant.Acommonpracticeformessagingadministrators
istoemployadditionallayersofmessagehygieneandsecurity.Thefirstlayeris
usuallysometypeofapplianceorthird-partySMTPsoftwarepackagethatisinstalled
intheorganization'sperimeternetwork.Theproblemwiththesethird-partyutilitiesis
thattheadministratorhastobecomeanexpertonanadditionaltechnology.Aneasier
methodthatsomeorganizationschooseistouseacloud-basedsolution.The
ExchangeOnlineProtection(EOP)servicefromMicrosoftisapopularcloud-based
messageprotectionsolution.
ExchangeServer2016includesaserverrolenamedEdgeTransport.Theroleremains
similartotherolefromExchangeServer2010andExchangeServer2013.TheEdge
TransportserverroleisrecommendedforperimeternetworksoutsideofanADDS
environment.AlthoughitispossibletoinstalltheEdgeTransportroleonadomain
server,noneoftheExchangeservicesusedforEdgeTransportrequireADDS.The
EdgeTransportserverroleusesActiveDirectoryLightweightDirectoryServices(AD
LDS)tostoreconfigurationandrecipientinformation.
AnEdgeTransportserverwillhandleallinboundandoutboundmessagingtrafficfora
Mailboxserver.ThisincludesmailrelayandsmarthostservicesfortheExchange
environment.YoucandeploymultipleEdgeTransportserverstoenableredundancy
andfailovercapabilitiesintheperimeternetwork.Youcanalsoloadbalanceincoming
messagesbydistributingtheSMTPtraffictomultipleEdgeTransportservers.
IstheEdgeTransportServerRoleRequired?
AcommonmisconceptionisthattheEdgeTransportroleisrequiredforan
ExchangeServerorganization.Thisisnotthecase,especiallyfororganizations
thatchoosetouseacloud-basedmessageprotectionsolution.Inboundemailcan
besentdirectlytotheMailboxserver,oryoucancontinuetouseyourexisting
third-partyantispam/message-hygienesystemtoactasaninboundmessagerelay
forExchangeServer.
TheEdgeTransportserverisastand-alonemessagetransportserverthatismanaged
usingtheEMSandthesamebasicmanagementconsolethatisusedtomanage
ExchangeServer2016.AserverfunctioninginanEdgeTransportroleshouldnotbea
memberoftheorganization'sinternalActiveDirectorydomain,althoughitcanbepart
ofaseparatemanagementforestusedinaperimeternetwork.
ContentfilteringandMicrosoftForefrontSecurityforExchangeareimplementedon
theEdgeTransportserverthroughcontentfilteringandotherantispamfeatures.You
canalsorunthefeaturesonthemailboxserverifyoudonothaveEdgeTransport
servers.
AnexampleofhowanorganizationmightdeployanEdgeTransportserverisshown
inFigure2.1.InboundemailisfirstdeliveredtotheEdgeTransportserversthatare
locatedintheorganization'sperimeternetwork,wherethemessageisinspectedby
thecontentfilter,ForefrontSecurityforExchange,andanymessagetransportrules.
Theinboundmessageisthensentontotheinternalservers.Additionally,the
ExchangeServerMailboxserversareconfiguredtodelivermail,leavingthe
organizationtotheEdgeTransportserversratherthanconfiguringtheinternal
serverstodelivermaildirectlytotheInternet.
Figure2.1DeployinganEdgeTransportserver
TheEdgeTransportserverisafullyfunctionalSMTPmessage-hygienesystemwith
manyofthesamefeaturesthatarefoundinexpensivemessage-hygienesoftware
packagesandappliances.Thefollowingfeaturesareincluded:
Per-usersafe-sender,safe-recipient,andblocked-senderlistsareautomatically
replicatedfromtheuser'smailboxtotheEdgeTransportserver.Recipientfiltering
isenabledwhenvalidrecipientsaresynchronizedtotheEdgeTransportserver's
localActiveDirectoryLightweightDirectoryServices(ADLDS)database.
Senderandrecipientfilteringcanbeconfiguredviaadministrator-controlledlists.
IntegratedMicrosoftcontentfilterisincludedforspamdetection.Spamcanbe
rejected,deleted,quarantined,ordeliveredtotheuser'sJunkemail.
Multiplemessage-quarantinesallowmessagesthatarehighlylikelytobespamto
bequarantinedandsenttoaquarantinemailboxonyourExchangeserver.A
separatequarantineexistsintheformoftheuser'sJunkemailfolderformessages
thatarestilltaggedasspambutwithalowerSpamConfidenceLevel.
MicrosoftForefrontSecurityforExchangeServerisavailablefortheEdge
TransportserverwhenEnterpriseclientaccesslicensesareused.However,this
willbeashort-livedsolution,sinceMicrosofthasannouncedthattheentiresuite
ofForefrontproductsisbeingdecommissioned.Instead,manyorganizationsuse
EOPoranotherthird-partysolution.
Dailycontentfilterandvirussignatureupdatesareavailablefororganizations
usingMicrosoftForefrontSecurityforExchangeServer.
Real-timeblocklistsandtheIPReputationServiceallowanIPaddresstobe
checkedtoseeifitisaknownsourceofspam.Reputationfilterscanbeupdatedon
adailybasis.
SenderIDfiltersallowfortheverificationofthemailserverthatsentamessage
andwhetheritisallowedtosendmailforthemessagesender.
Senderreputationfiltersallowasendertobetemporarilyplacedonablocklist
basedoncharacteristicsofmailcomingfromthatsender,suchasmessagecontent,
senderIDverification,andsenderbehavior.
ClientConnectivity
WithExchangeServer2013,OutlookclientsconnectedtotheExchangeServerby
usingRPCoverHTTP(OutlookAnywhere).ThisenabledOutlooktoconnecttoan
Exchangeserver,regardlessofitslocation,byusingtheOutlookAnywhereservice.
BeginningwithExchangeServer2016,OutlookclientsconnecttotheExchangeserver
byusingMAPIoverHTTP.RPCoverHTTPisstillavailable,butisofficialde-
emphasized(meaningthatitmaynotbeincludedinfuturereleasesofExchange
Server).MAPIoverHTTPisthedefaultcommunicationmethodbetweentheclient
andtheserver.
MAPIoverHTTPincreasesreliabilityandstabilityoftheclientconnection.This
protocolenablesahigherlevelofvisibilitytoerrorsthatmightoccurbetweenthe
clientandserver,aswellasenhancedrecoverability.MAPIoverHTTPalsoincludes
supportforapauseandresumefunction,whichenablestheclientstochange
networkswhilemaintainingaconnectiontotheExchangeServer.MAPIoverHTTP
canalsoreducethetotalnumberofclientconnections,whichcanbehelpfulfroma
performanceperspective.
WhileMAPIoverHTTPisthedefaultconnectionprotocolfornewExchangeServer
2016environments,ifyouinstallExchangeServer2016inanenvironmentwith
ExchangeServer2013,theprotocolwillnotbeusedautomatically.Thisisbecause
MAPIoverHTTPisnotenabledbydefaultinExchangeServer2013andwas
introducedwithExchangeServer2013ServicePack1.
HybridImprovements
ExchangeServer2016canbeimplementedwithOffice365forahybridon-premises
andcloud-basedservice.WhenconfiguringahybridorganizationwithExchange2016,
youwillbepromptedtodownloadtheHybridConfigurationWizard.Thiswizardis
includedtoassistconfiguringthehybridenvironment.
ThewizardhasbeenupdatedforExchangeServer2016toincludethefollowing
features:
EasyupdatesforchangesinOffice365services
Assistsintroubleshootingahybridenvironmentconfiguration
Improveddiagnosticinformationtoresolveproblems
SupportforbothExchangeServer2013and2016hybridenvironments
HybriddeploymentsshouldbeperformedbyusingAzureActiveDirectoryConnect
(AADConnect).AADConnectprovidesfunctionalitytosynchronizemultipleon-
premisesADDSforestswithasingleOffice365account.
Inahybridenvironment,ExchangeActiveSyncclientswillbeautomaticallydirectedto
Office365iftheuser'smailboxismovedtothecloud.Tosupportthisautomatic
redirection,theActiveSyncclientmustsupportHTTP451redirects.Aftertheclient
hasbeenredirected,theExchangeprofileonthedevicewillbeupdatedtousethenew
URLoftheExchangeOnlineservice.Atthispoint,theclientwillnotcontacttheon-
premisesenvironmentformailboxinformation.
OneDriveforBusinessIntegration
WithExchangeServer2016andSharePoint2016,Outlookonthewebuserscanlink
toandsharedocumentsthatarestoredinOneDriveforBusinessoronanon-
premisesSharePointserver.Insteadofattachingafiletoanemailmessage,userscan
linktodocumentsdirectlyfromOutlookontheweb.Userscancollaborateinanon-
premisesdeploymentjustastheycanwithOffice365.
IfauserreceivesaWord,Excel,orPowerPointfilethatisstoredinOneDrivefor
BusinessorSharePoint2016,therecipientcanviewandeditthefiledirectlyfrom
Outlookontheweb.Foranon-premisesenvironment,aservermustberunning
OfficeOnlineServer,whichisinpreviewatthetimeofthiswriting,intheon-
premisesorganization.
AftereditingthefilewithinOutlookontheweb,therecipientcansaveoruploadthe
filetoOneDrive.
Performance
ThenewarchitectureofExchangeServer2016combinesthecorefeaturesintoa
singleserverrole.Aspartofthatarchitecture,thesearchfunctionalityhasalsobeen
redesigned.InpreviousversionsofExchangeServer,thesearchingfunctionswerenot
fault-tolerantandwereperformedsynchronously.InExchangeServer2016,searching
isperformedasynchronouslyandisdecentralized.Searchfunctionsaredistributed
acrossallExchangeServersintheorganization,andretriesareattemptedifservers
aretoobusy.
Thesearchscalabilityhasalsobeenimproved.Previously,upto5,000mailboxes
couldbesearchedsimultaneouslyfromthewebapp.WithExchangeServer2016,this
hasincreasedto10,000mailboxes.WhenusingtheEMS,thereisnolimittothe
numberofmailboxesthatcanbesearched.
ImprovedPolicyandComplianceFeatures
ExchangeServer2016hasmadesignificantimprovementstobothDataLoss
Prevention(DLP)andeDiscovery.
DataLossPrevention(DLP)
InExchangeServer2016,transportruleshavebeenupdatedwithseveralnew
predicatesandactions.Also,thecoolestnewfeaturetohittransportrulesisDLP
policies.DLPpoliciesaredesignedtopreventusersfromsharingsensitive
informationwithunauthorizedusers.
Everytransportrulehasthreecomponents:conditions,actions,andexceptions.The
conditionsspecifyunderwhichcircumstancestheruleapplies,whereastheexceptions
specifyunderwhichconditionsitwillnotapply.ExchangeServer2016hastheability
toidentify,monitor,andprotect80differenttypesofsensitiveinformationbasedon
conditionsandactions.
Anewcondition,“Anyattachmenthastheseproperties,includinganyofthesewords,”
willcauseatriggerifanattachedOfficedocumentcontainsthedefinedwords.This
conditionenablesyoutointegratethetransportruleswithSharePoint,Windows
Server2012R2FileClassificationInfrastructure,orathird-partyclassification
system.
Anewaction,“Notifytherecipientwithamessage,”willsendacustomizablemessage
totherecipient.Forexample,youcannotifytherecipientiftheemailwasrejectedor
quarantinedbasedonthecontents.
Theexistingaction“Generateincidentreportandsenditto”hasbeenupdatedsothat
thereportcanbemessagedtomultipledistributionlists.
Theactionsaretheinterestingpartofthetransportrule.Figure2.2showsthe
conditionsontheNewRulewindowoftheTransportRuleWizard;thisscreenhas
threeparts.Thefirstpartischeckingonwhichobjecttotakeaction,thesecondis
simplycheckingtheactionstotake,andthethirdpartspecifiesmoredetailsaboutthe
action.
Figure2.2Examiningatransportrule
eDiscoveryandPublicFolders
Themarketforthird-partytoolstosupportExchangeServerhasgrownrapidly.Atone
point,thereweremorethan60thirdpartiesprovidingemailarchivesolutionsfor
ExchangeServer.Thesheervolumeofemailthatusersreceiveandtheirdemandto
keephistoricalemailhavemadethesetoolsveryattractive.
ExchangeServer2010introduced,andExchangeServer2016continues,apremium
featurethatallowsfortheintegrationofemailarchiving.Theemailarchivingfeature
isactuallyaseriesoffeaturesthatinteractdirectlywiththeuser'smailbox:
ArchiveMailboxAnarchivemailboxisasecondarymailboxforauserthatis
usedtostorelong-termemail(archiveemail).Anarchivemailboxcanbeusedin
placeof.pstfiles.Userscancopyemailmessagesfromtheirprimarymailboxto
theirarchivemailbox.Archivemailboxeshelpusersdealwithlargevolumesof
emailwhilestayingwithinmailboxsizelimits.Thearchivemailboxisdefinedona
user-by-userbasisbecausenotallusersneedanarchivemailbox.Thecontentin
thearchivemailboxcanbeaccessedbyusersusingtheOutlook2010orlaterclient
orOutlookontheweb.
RetentionPoliciesRetentionpoliciesdefinethetypesofmailandhowlongthe
mailcanberetainedwithintheuser'sprimarymailbox.Retentionpoliciestakethe
placeofmessagingrecordsmanagement(MRM)inExchangeServer2007and
ExchangeServer2010.Retentionpoliciescanbedefinedtocontrolwhenitemsare
permanentlydeletedorwhentheyaremovedintothearchivemailbox.With
Outlook2010orlater,enduserscanparticipateintheretentionprocessby
applyingretentiontagstomessagesoranentirefolder.
eDiscovery(akaMulti-MailboxandFederatedSearch)TheeDiscovery
featuresenablesanauthorizedusertosearchforcontentacrossmultipledata
sources(boththeuser's“active”mailboxaswellastheir“personalarchive
mailbox”)withinanorganization.Youareabletosearchforinformationacross
Exchange,SharePoint,andSkypeforBusinessarchives,aswellasusethe
eDiscoveryCenterinSharePoint2013tosearchforcontentinExchangeServer.
Discoverymanagerscanalsoexportmailboxcontenttoa.pstfilefromthe
SharePoint2013eDiscoveryconsole.YoucanopttousetheExchangeAdmin
Center(EAC)toperformeDiscoveryoropttouseSharePoint'seDiscoveryCenter.
TheeDiscoveryCenterofferssomeexpandedcapabilities,suchastheabilityto
searchandpreservecontentacrossmultiplesourcesfromasingleconsole.
ExchangeServer2016alsointroducessupportforintegratingpublicfoldersinto
eDiscovery.WithIn-PlaceeDiscovery,youcanquerypublicfoldersinthe
organizationandputholdsonpublicfolders.Similartoplacingamailboxonhold,
publicfolderssupportquery-basedandtime-basedholds.Asofthiswriting,you
canonlysearchandholdallpublicfolders.Theabilitytochooseindividualpublic
folderstosearchandholdisexpectedinalaterrelease.
In-PlaceHoldIn-PlaceHoldenablesanadministratortoplaceaholdonauser's
mailboxsothatdeletedandediteditemsareheldduringtheholdperiod.This
wouldbenecessaryintheeventoflegalactionoraninvestigationregardingthe
conductofoneormoreofyourusers.
Ultimately,theExchangeServer2016archivingandretentionpoliciesareintendedto
replacethemessagingrecords-managementfeaturesthatwereintroducedin
ExchangeServer2007.
eDiscoveryandComplianceSearch
AnewfeatureofeDiscoveryinExchangeServer2016isComplianceSearch.
ComplianceSearchisperformedfromtheEMS,sothereisnolimittothenumberof
mailboxesthatcanbesearched.ForIn-PlaceeDiscovery,youcansearchupto10,000
mailboxeswithasinglesearch.EachExchangeServerorganizationcanrunuptotwo
In-PlaceeDiscoverysearchessimultaneously.
ToperformaComplianceSearch,youmustbeassignedtheMailboxSearch
managementroleorbeamemberoftheDiscoveryManagementrolegroup.Thenew
EMScmdletsavailablewithComplianceSearchare
Get-ComplianceSearch
New-ComplianceSearch
Remove-ComplianceSearch
Set-ComplianceSearch
Start-ComplianceSearch
Stop-ComplianceSearch
MessageTransportRules
MessagetransportrulesarequitesimilartoOutlookrulesandcanevenbecreated
usingawizardsimilartotheoneusedtocreateOutlookrules.However,theserules
arequiteabitmorepowerfulandarerunonMailboxservers.Becauseallmessages
areprocessedbyaMailboxserverregardlessofwhethertheyareinbound,outbound,
orforlocaldelivery,youcanbuildpowerfulpoliciestocontrolthemessagesanddata
thatflowwithinyourorganization.Transportrulescanalsobedefinedatyour
organization'sperimeterbyusingtheEdgeTransportserverroleinExchangeServer
2016.
NewandImprovedOutlookontheWeb
ThoseofuswhogushedwhenwesawtheOutlookWebAccess(OWA)interfacein
Exchange2003thoughtawebinterfacecouldnotgetmuchbetter.ForOutlookonthe
webinExchange2013,theExchangeteamstartedoverfromscratchtobuildamuch
morefunctionalinterfacethaneverbefore.ForExchange2016,ithasbeenupdated
andenhancedfurther!First,thenamehaschanged!ThenewnameisOutlookonthe
web.HerearesomeofthefeaturesinOutlookontheweb:
Platform-specificexperiencesforiOSandAndroid
PremiumAndroidexperiencewithChromeonAndroidversion4.2orlater
EmailimprovementstotheInboxviewandreadingpane
ContactlinkingwithLinkedIn
Updatedcalendar,includingemailreminders
Searchsuggestions
Thirteennewthemes
PreviewURLlinkswithinmessages
InlinevideoplaybackfromURLs
DocumentcollaborationwithSharePoint2016andOneDriveforBusiness
OverviewofChangesSinceExchangeServer2013
SinceExchangeServer2013,theprimarychangestoExchangeServer2016are
Combinedservices(HT,CAS,MBX)intheMailboxserverrole
IntegrationwithOneDriveandSharePoint2016
Additionalpolicyandcompliancefeatures
OutlookWebAppredesignedasOutlookontheweb
ThesearethekeyfeaturedifferencessinceExchangeServer2013andhavebeen
discussedinthischapter.Knowingsomeofthechangesandintroductionoffeatures
canbehalfofthebattletoupgradingyourknowledgeonanewlyreleasedproduct.
Now,WhereDidThatGo?
AsnewandbetterfunctionsandAPIshavebeenintroduced,naturallysomefunctions
arenolongeremphasizedorsupported.We'vealreadymentionedafewfeaturesthat
havebeenremoved,buttherearemanymore.Therehasbeenalotofconfusion
surroundingwhatwillcontinuetobesupportedinExchangeServer2016andwhat
willnolongerwork.Thephrase“nolongersupported”itselftendstogeneratealotof
confusionbecauseanunsupportedfunctionmaycontinuetoworkbecauseithasnot
trulybeenremoved.Yourmileagemayvarywhenitcomestofeaturesthatareno
longersupported.
What'sbeenremovedfromExchangeServerreallydependsonyourperspective.Are
youanExchangeServer2010expert?IsExchangeServer2013yourcomfortzone?
We'vebrokendownthenextsectionofremovedfeaturesbasedonyourperspective.
FeaturesNoLongerIncluded
AsExchangeServerhasevolvedintoitscurrentform,thecodehasexperienced
significantchanges.SomefeaturesandAPIshavebeencompletelyremoved.Although
mostofthesefeatureswillnotaffectthemajorityofExchangeServerdeployments,
youshouldkeeptheminmindandthoroughlyevaluateyourexistingmessaging
environmenttomakesureyouarenotdependentonafeaturethathasnoequivalent
inExchangeServer2016.IfyourequireanyofthefeaturesorAPIsthatwerenot
carriedoverfromExchangeServer2010or2013,youmayneedtokeepanolder
versionofExchangeServerinoperation.
ExchangeServer2016EschewsExchangeServer2007
OnlyExchangeServer2010andExchangeServer2013cancoexistwithExchange
Server2016inthesameorganization.Ifyoustillrequirefeaturesprovidedbythe
ExchangeServer2007platform,youwillnotbeabletotransitiontoExchange
Server2016untilyoucanreplacethatparticularfeaturerequirementwithnewer
software.
ExchangeServer2010FeaturesRemovedfromExchangeServer2016
ThefollowingfeatureswereincludedwithExchangeServer2010butarenolonger
availableinExchangeServer2016:
UnifiedMessagingdirectorylookupsusingAutomaticSpeechRecognition.
ManagedFoldersformessagingretentionmanagement,includingthePort
ManagedFolderWizard.
AntispamagentsfromtheGUI.WithExchangeServer2016,antispamcanbe
managedonlyfromtheEMS.
ConnectionandAttachmentfilteringonMailboxserverroles.Theonlywayto
enableConnectionFilteringistouseanEdgeTransportserverinaperimeter
network.
Theabilitytolinkasend-and-receiveconnectorhasbeenremoved.
OutlookWebApphasbeenrenamedtoOutlookontheweb.Additionally,spell
check,customizablefilters,messageflags,chatcontactlists,andsearchfolders
havebeenremovedfromthewebclient.
Outlook2003and2007arenotsupported.Outlookclientsmustuseeither
OutlookAnywhere(RPCoverHTTP)orMAPIoverHTTP.
TheExchangeManagementConsoleandExchangeControlPanelhavebeen
replacedbytheExchangeAdminCenter.
TheHubTransportandUnifiedMessagingserverroleshavebeenremoved.Both
serverrolesareincludedasfeaturesintheMailboxserverrole.
ExchangeServer2013FeaturesRemovedfromExchangeServer2016
Thefollowingfeaturesarebeingde-emphasizedwithExchangeServer2016andmay
notbeincludedinfutureversions:
Third-partyreplicationAPIs.
RPCoverHTTPforclientconnections.
DatabaseAvailabilityGroupsupportforfailoverclusteradministrativeaccess
points.
ClientAccessserverrole.Thefunctionsofthisrolehavebeenincludedinthe
Mailboxserverrole.
TheMAPI/CDOlibraryhasbeenreplacedbyExchangeWebServices,ActiveSync,
andRESTAPIs.
ClearingUpSomeConfusion
WementionedearlierthatExchangehascertainlybeenhypedalotduringthedesign
andbeta-testingprocess.Thishasgeneratedalotofbuzzintheinformation
technologyindustry,butthisbuzzhasalsogeneratedalotofconfusionandsome
misinformation.Herewe'llclearuptheconfusionbyansweringafewofthecommon
questionsaboutExchange2016.
DoIhavetohavetwoserverstoruneachoftheserverroles?Inthedays
ofExchangeServer2010,manyorganizationsdeployeddifferentrolestodifferent
serversinlargeorganizations.Manyadministratorsreservedtheconsolidated
serverapproachforsmallenvironments.However,theperformancecapabilitiesof
ExchangeServer2016surpassthepreviousversionstosuchanextentthatall
servicesarerunwithintheMailboxserverrole.
Istherea32-bitversionofExchangeServer2016?No,a32-bitversionof
ExchangeServer2016isnotavailable.
IstheEdgeTransportserverrequired?No,EdgeTransportserversarenot
required.Youcanuseanythird-partymessage-hygienesysteminyourperimeter
network,youcandirectinboundandoutboundmailthroughyourinternalservers,
oryoucandoboth.
IsEMSknowledgerequired?DoIhavetolearnscripting?Mostcommon
administrativetaskscanbeperformedthroughtheExchangeAdminCenterweb-
basedinterface.Command-linemanagementandscriptingforExchangeServer
2016havebeengreatlyimprovedthroughtheuseoftheEMS.Manytasksare
simplerormorepowerfulthroughtheEMS,butitisnotnecessarytolearn
scriptinginordertostartworkingwithExchangeServer2016.Westrongly
encourageyoutogettoknowmanyofthepowerfulfeaturesoftheEMSasyouget
comfortablewithExchangeServer2016.Anumberofadvancedadministration
tasksdonothaveagraphicaluserinterfaceoption.
Whatishappeningwithpublicfolders?Theuseofpublicfolderswith
ExchangeServer2016isstillavailableandsupported.However,foryears,there
hasbeentalkaboutmovingawayfrompublicfolders,potentiallyremovingsupport
forthematsomepoint.Atthetimeofthiswriting,thereisn'tanyinformationto
indicatethatthisiscomingsoon(orcomingatall).Butyoumaywanttoexamine
yourpublicfolderapplicationswithaneyetowardmigratingthemtosystemssuch
asMicrosoftSharePointServer2016totakeadvantageofthelatestcollaboration
features.Also,rememberthatthetraditionalpublicfolderdatabasesarenolonger
availableinExchangeServer2016andthatyoumustnowstoreallpublicfoldersin
apublicfoldermailbox.
TheBottomLine
UnderstandthekeychangesinExchangeServer2016.Significantupdates
weremadetotheExchangeServer2016architecturetocontinuetheimprovement
tothescalability,security,andstability.TheMailboxrolehandlesmailboxes,
publicfolders,transport,andclientconnectivity.Compliancesfeatures,suchas
compliancesearchandeDiscovery,aregreatlyenhancedandsimplified.Thedisk
I/Orequirementscontinuetobereduced,enablingorganizationstoruntheir
Exchangeserversonlower-performingstorage.
MasterItYouareplanningyouremaildatastoragestrategy,especiallyfor
long-termstorage.Youwanttominimizeoreliminatetheuseof.pstfiles.
Whichtechnologyshouldyouusetomaintainemaildataindefinitely?
UnderstandtheMailboxrole'sexpandedduties.Overthelastcoupleof
versionsofExchangeServer,theExchangeserverroleshavebeenupdated.Ineach
version,aserverrolewasconsolidated,enablingorganizationstoreducetheir
serverfootprintandsimplifytheirenvironments.
MasterItYouareplanningatrainingsessionforyourjunioradministratorsto
preparethemintheirSMTPconnectivitytroubleshootingtasks.Whichserver
roleshouldyourecommendtheyinspectwhenattemptingtotroubleshoot
emaildeliveryproblems?
Chapter3
UnderstandingAvailability,Recovery,andCompliance
Themodernbusinessworldisgettingmorecomplex,notless;emailinturnevolvesto
keepup.AsanExchangeServeradministratororimplementer,youneedtoknow
moreaboutawidervarietyoftopicswithoutlosingyourcorecompetencyinExchange
Server.
INTHISCHAPTER,YOUWILLLEARNTO:
Distinguishbetweenavailability,backupandrecovery,anddisasterrecovery
Determinethebestoptionfordisasterrecovery
Distinguishbetweenthedifferenttypesofavailabilitymeantbythetermhigh
availability
Implementthefourpillarsofcomplianceandgovernanceactivities
ChangingfromaTechnologytoaBusinessViewpoint
Y
ou'veprobablyheardtheoldproverbthat“everycloudhasasilverlining.”Itcanbea
comforttoknowthatgoodcanusuallybefoundduringeventheworstoccasions.
W
henamailboxdatabaseserver'sRAIDcontrollergoesbadandcorruptsthedrive
arraycontainingtheexecutivemailboxes,youhavetheopportunitytovalidateyour
b
ackupstrategyanddemonstratethatitworksperfectlyunderpressure.
However,theunacknowledgedcorollaryisMurphy'sLaw:“Anythingthatcango
w
rongwillgowrong.”Everyfeature,functionality,andcomponentthatisaddedtoa
messaginginfrastructureincreasescomplexityandthenumberofpotentialfailures.If
y
outhinkforamomentaboutthespreadofemailandhowithaschangedfroma
luxurytoautility,youcanseethatelectronicmessagingadministratorshavebecome
v
ictimsoftheirownsuccess.
Gonearethedayswhereyousimplyhadtoworryabouteditingandpublishingthe
correctDNSrecordsforyourdomains,provisioningandconfiguringyourT1routers,
andwrestlingwithserverhardware.Today'schallengesinvolvemeetingmoregoals,
supportingmorecomplexenvironments,meetingbusinessrequirements,and
analyzingrisks.Thesearecommonscenarios:
Ensuring
that
mailbox
servers
have
the
proper
storage
back-end
design
to
allow
backups
to
happen
within
a
defined
window
Ensuring
that
your
users
continue
to
have
access
to
their
mailboxes
even
when
a
server
fails,
a
flaky
router
takes
a
site
offline,
or
power
fails
for
an
entire
rack
of
servers
Ensuring
that
a
plan
exists
for
quick
recovery
and
restoration
of
your
core
messaging
capabilities
when
the
storage
is
offline
or
corrupt
Ensuring
that
the
messages
users
send
to
external
clients
are
in
compliance
with
all
business
policies
and
regulations
Determining
the
risks
associated
with
failing
to
provide
disaster-recovery
plans
and
the
risks
associated
with
a
failure
to
meet
service-level
agreements
Balancing
business
costs
versus
risks
associated
with
providing
recovery,
ensuring
compliance,
and
providing
a
specified
level
of
service
Technet24.ir
What'sinaName?
Backupandrecovery,highavailability,disasterrecovery,andcomplianceand
governance—youhavelikelyheardofthesemanytimes.Eachplaysaroleinthe
overallprotectionstrategyforyourorganization'sdata.
EachofthesetopicsmustbeevaluatedbyeverymodernExchangeServer
administratorandprofessional,alongwithappropriatebusinessstakeholders,evenif
theyarenotactivelyaddressedineverydeploymentofExchangeServer2016.When
youdoneedtoaddresstheminyourplanning,ExchangeServer2016providesa
varietyofoptionstoensurethatthedeploymentmeetstheparticularneedsofyour
business.Onesizeandonesetofcapabilitiesdonotfitallorganizations.Tomakethe
bestuseofthetoolsthatExchangeServergivesyou,youmustclearlyunderstandthe
problemsthateachcapabilityisdesignedtosolve.Itdoesn'thelptouseascrewdriver
whenyouneedahammer—andyoucan'tsolveadisaster-recoveryproblembyusing
aneDiscoverysearch.
Inthissection,acommonvocabularywillbepresentedfordiscussingthesetopics.
Thiswillenableyoutogetthemostfromourdiscussionsofthenewfeaturesand
functionalityinExchangeServer2016thatarecoveredinlaterchapters.Youshould
clearlyunderstandhowMicrosoftintendedExchangeServer2016'sfeaturestobe
deployedandused,sothatyouhaveconfidencethattheywillmeetyourbusiness
goals.
BackupandRecovery
LetusbeginwithatopicthatisoneofthecoretasksforanyITadministrator,notjust
ExchangeServeradministrators:backupandrecovery.
Backupistheprocessofpreservingoneormorepoint-in-timecopiesofasetofdata,
regardlessofthenumberofcopies,frequencyandschedule,ormediatypeusedto
storethem.
Asanadministrator,youneedtomakesureyourbackupsincludeallofthe
componentsyouneedtogetExchangeServerservicesupandrunningagain.That
meansmorethanjustthedatabases.Youshouldalsoconsiderthefollowing
components:
ActiveDirectoryDomainServices.ExchangeServerreliesonActiveDirectory,
soitiscriticalthatActiveDirectoryishighlyavailableandbackedup.YourActive
Directoryadministratorsprobablyhandlethis.Butnomatterwhohandlesit,you
shouldensurethatthebackupsareinplace.
OperatingsystemfortheExchangeservers(SystemStateasa
minimum).Priortovirtualization,backinguptheExchangeserveroperating
systemswasquiteimportantbecausebuildinganewphysicalserver(orrebuilding
aphysicalserver)fromscratchwastime-consuming.Today,withvirtualization,
buildinganewserverisquitefast.Someorganizationsopttodeploynewservers
andforgothebackupoftheoperatingsystemforsomeservers.However,withouta
backupoftheoperatingsystemorsystemstate,youwilllosecustomizationssuch
asinIISandtheRegistry.
Filesystem.Thefilesystemhaslogfiles,configurationfiles,andotherdatathat
canbehelpfulinadisaster-recoverysituation.
Databaseanddatabaselogfiles.TheExchangedatabasesareacriticalpieceof
yourbackupsbecausealloftheemaildataisstoredinthedatabases!
Asyoucansee,backingupallofthecomponentscanquicklybecomecomplicated.It
isimportanttohavetherightbackuptoolsatyourdisposal.Aspartofyourdisaster-
recoveryplanning,youshouldlookattheavailabletools,includingthird-partytools,
tofigureoutwhichtoolsbestmeetyourrequirementsandprovidethebest
administrativeexperience.
WithExchangeServer,therearefourmaintypesofdatabasebackups:
FullBackups(Normal)Fullbackupscaptureanentiresetoftargetdata;in
earlyversionsofExchangeServer,thisisastoragegroupwiththetransactionlog
filesandalltheassociatedmailboxdatabasesandfiles.BeginningwithExchange
Server2010andcontinuinginExchangeServer2013andExchangeServer2016,
eachmailboxdatabaseisaseparatebackuptarget,sincethereisnowanenforced
1:1relationshipbetweenmailboxdatabasesandtransactionlogs(itwas“strongly
recommended”inearlierversions).Fullbackupstakethemosttimetoperform
andusethemostspace.Ifcircularloggingisdisabledforamailboxdatabase,full
backupsmustbeexecutedonaregularbasis.Asuccessfulfullbackupinforms
ExchangeServerthatthedatabasesandtransactionlogshavebeenpreservedand
thatsavedtransactionlogscanbepurged.Circularloggingwillbediscussedin
moredepthlater.
CopyBackupsCopybackupsareexactlylikefullbackups,exceptthatsaved
transactionlogsarenotpurged.
IncrementalBackupsIncrementalbackupscaptureonlyapartialsetofthe
targetdata—specifically,thedatathathaschangedsinceeitherthelastfullbackup
orthelastincrementalbackup.ForExchangeServer,thismeansanynew
transactionlogs.Incrementalbackupsaredesignedtominimizehowoftenfull
backupsareperformed,aswellasminimizethespaceusedbyanyparticular
backupset.Asaresult,abackupsetthatincludesincrementalbackupscanbe
moretime-consumingandfragiletorestore;successfulrecoveryincludesfirst
recoveringthelatestfullbackupandtheneachsuccessiveincrementalbackup.
IncrementalbackupsalsoinstructExchangeServertopurgethesavedtransaction
logsafterthebackupiscomplete.Incrementalbackupsarenotavailablewhen
circularloggingisenabled.
DifferentialBackupsDifferentialbackupsalsocaptureonlyapartialsetofthe
targetdata—specifically,thedatathathaschangedsincethelastfullbackup.No
otherbackups(incrementalordifferential)areconsidered.ForExchangeServer,
thismeansanytransactionlogsgeneratedsincethelastfullbackup.Differential
backupsaredesignedtominimizehowmanyrecoveryoperationsyouhaveto
performinordertofullyrestoreasetofdata.Inturn,differentialbackupsuse
morespacethanincrementalbackups,buttheycanberecoveredmorequicklyand
withfeweropportunitiesfordatacorruption;successfulrecoveryincludesfirst
recoveringthelatestfullbackupandthenthelatestdifferentialbackup.A
differentialbackupdoesnotpurgesavedtransactionlogs.Differentialbackupsare
notavailablewhencircularloggingisenabled.
Alsoknownasrestoration,recoveryistheprocessoftakingoneormoresetsofthe
datapreservedthroughbackupsandmakingitonceagainaccessibletoadministrators,
applications,and/orendusers.Mostrecoveryjobsrequiretherestorationofmultiple
setsofbackupdata,especiallywhenincrementalanddifferentialbackupsareinuse.
Twometricsareusedtodetermineiftherecoverytimeandtheamountofdata
recoveredareacceptable:
RecoveryTimeObjectiveRecoveryTimeObjective(RTO)isametriccommonly
usedtohelpdefinesuccessfulbackupandrestoreprocesses.TheRTOdefinesthe
timewindowinwhichyoumustrestoreExchangeServerservicesandmessaging
dataafteranadverseevent.Youmayhavemultipletiersofdataandservice,in
whichcaseitcouldbeappropriatetohaveaseparateRTOforeachtier.Often,the
RTOisacomponentof(ideally,aninputinto,butthat'snotalwaysthecase)your
service-levelagreements.Asaresult,theRTOisacriticalfactorinthedesignof
ExchangeServermailbox-databasestoragesystems;it'sabadideatodesignor
provisionmailboxdatabasesthatarelargerthanyoucanrestorewithinyourRTO.
RecoveryPointObjectiveRecoveryPointObjective(RPO)isametricthatgoes
handinhandwiththeRTO.WhiletheRTOmeasuresatimeframe,theRPOsetsa
benchmarkforthemaximumamountofdata(typicallymeasuredinhours)you
canaffordtolose.Again,multipletiersofserviceanddataoftenhaveseparate
RPOs.TheRPOhelpsdrivethebackupfrequencyandschedule.It'sworthnoting
thatthismetricmakesanexplicitassumptionthatalldatawithinagivencategory
isequallyvaluable;that'sobviouslynottrue,whichiswhyitisimportantto
properlyestablishyourcategories.Remember,though,ifyouhavetoomany
classesorcategories,you'lljusthaveconfusion.
OnethingtonoteaboutExchangeServer2016databasesisthattheysupportonly
onlinebackupsandrestorescreatedthroughtheWindowsVolumeShadowCopy
Service(VSS).VSSprovidesseveraladvantagescomparedtootherbackupmethods,
includingtheabilitytointegratewiththird-partystoragesystemstospeedupthe
backupandrecoveryprocesses.ThemostimportantbenefitVSSgives,though,isthat
itensuresthattheExchangeServerinformationstoreflushesallpendingwrites
consistently,ensuringthatabackupdatasetcanbecleanlyrecovered.
Wewillusethephrase“backupset”severaltimes.Abackupsetisacopyofallofthe
variousbackupsthatarerequiredtoperformaparticularrecovery.Thiswillalmost
alwaysincludeatleastthelastfullbackupandmayincludeoneormoreincremental
ordifferentialbackups
HowMuchDataGetsCopied?
OnethingthatVolumeShadowCopyServicedoesnotnativelyprovideisthe
abilitytoreducetheamountofdatathatmustbecopiedduringabackup
operation.VSSsimplycreateseitherapermanentortemporaryreplica(depending
onhowtheinvokingapplicationrequestedthereplicabecreated)ofthedisk
volume;it'sthenuptotheapplicationtosortouttheappropriatefilesandfolders
thatmakeupthedataset.Usually,thisistheentirediskvolume,butdepending
ontheselectedVSSwritersitmayonlybeaportionofadiskvolumeorspecific
filesonadiskvolume.ManyExchangeServer–awarebackupapplicationssimply
copythevarioustransactionlogfilesandmailboxdatabasefilestothebackup
server.
Someapplications,however,areabitmoreintelligent;theykeeptrackofwhich
blockshavechangedinthetargetfilessincethelastbackupinterval.These
applicationscancopyjustthosechangedblockstothebackupdataset—typically
somepercentageoftheblocksinthemailboxdatabasefileaswellasallthenew
transactionlogfiles—thusreducingtheamountofdatathatneedstotravelover
thenetworkandbestored.Block-levelbackupshelpstrikeagoodbalance
betweenstorage,speed,andreliability.AsyougoforwardwithVSS-aware
ExchangeServer–compatiblebackupsolutions,besuretoinvestigatewhether
theyofferthisfeature.Microsoft'sSystemCenterDataProtectionManagerdoes
offerthisfeature.
DisasterRecovery
Regularbackupsareimportant;theabilitytosuccessfullyrestorethemisevenmore
important.Thiscapabilityisakeypartofyourextendedarsenalforproblem
situations.Restoringtheoccasionalbackupisfairlystraightforwardbutassumesthat
youhaveafunctionalExchangeserverandthedependentnetworkinfrastructures.
Whatdoyoudoifanentiresiteordatacentergoesdownandyourrecoveryoperations
extendbeyondasingleExchangeServermailboxdatabase?Theanswertothis
questionisabroadtopicthatcanfillmanybooks,blogpostings,andwebsitesofits
own.
Disasterrecovery(DR)isthepracticeofensuringthatcriticalservicescanberestored
whensomedisasteroreventcauseslarge-scaleorlong-termoutage.AsuccessfulDR
planrequirestheidentificationofcriticalservices,dependencies,anddata,creationof
documentationthatliststhenecessarytaskstore-createandrestorethem,and
modificationoftherelevantpoliciesandprocesseswithinyourorganizationto
supporttheDRplan.
It'snotenoughtoconsiderhowtorebuildExchangeserversandrestoreExchange
Servermailboxdatabases.ExchangeServerisacomplexapplicationwithmany
dependencies,soyourplansneedtoaccommodatethefollowingissues:
NetworkDependenciesTheseincludesubnets,IPaddressassignments,DNS,
loadbalancers,DHCPservices,switchconfigurations,network/Internetaccess,
androuterconfigurations.AreyourebuildingyourservicestohavethesameIP
addressesornewones?Whateveryoudecide,you'llneedtomakesurethat
requiredservicesandclientscanreachtheExchangeservers.
ActiveDirectoryServicesTheseincludeassociatedDNSzonesandrecords.
ExchangeServercannotfunctionwithoutreliableaccesstoglobalcatalogservers
andotherdomaincontrollers.WhichforestsanddomainsholdobjectsExchange
Serverwillneedtoreference?Doesyourexistingreplicationconfigurationmeet
thoseneedsduringaDRscenario?WhatwouldhappenifanActiveDirectoryuser
accountthatwasassociatedwithamailboxwasaccidentallydeleted?
Third-PartyApplicationsTheseincludemonitoring,backup,archival,orother
programsandservicesthatrequiremessagingservicesorinteractwiththose
services.Don'tjustblindlycatalogeverythinginproduction;besurethesesystems
arealsobeingaddressedaspartofthedisaster-recoveryplan.
There'sablurrylinebetweendisasterrecoveryandtheassociatedconceptofbusiness
continuity(alsocalledbusinesscontinuance).Businesscontinuity(BC)istheability
ofyourorganizationtocontinueprovidingsomeminimumsetofoperationsand
servicesnecessarytostayinbusinessduringalarge-scaleoutage,suchasduringa
regionaleventornaturaldisaster(forexample,ahurricaneorearthquake).Ina
businesscontinuityplan,yourorganizationwillidentifyandprioritizethemost
criticalservicesandcapabilitiesthatneedtoprovideatleastsomelevelofoperational
capacityassoonaspossible,evenwithoutfullaccesstodataorapplications.
It'simportanttonotethatthebusinesscontinuityplanisdesignedandimplemented
alongsideyourdisaster-recoveryefforts.Inmanyorganizations,theywillbe
maintainedbytwoseparategroupsofprofessionals.Itisimperativethatthesegroups
shouldhavegoodlinesofcommunicationinplace.
DrawingtheLinebetweenDisasterRecoveryandBusiness
Continuity
There'salotofconfusionoverexactlyhowdisasterrecoveryandbusiness
continuityrelatetoeachother.Wehavegoodnewsandbadnews:Thegoodnews
isthatit'sasimplerelationship.Thebadnewsis,“Itdepends.
Bothtypesofplansareultimatelyaimedatthegoalofrepairingthedamage
causedbyextendedoutages.Thebiggestdifferenceisthescope;manybusiness-
continuityplansfocusverylittleontechnologyandlookinsteadatoverall
businessprocesses.Incontrast,disaster-recoveryplansofnecessityhavetobe
concernedwiththefinerdetailsofITadministration.Therealityisthatboth
levelsoffocusareoftenneeded—andmustbehandledinparallel,with
coordination,andinsupportofanyadditionalongoingcrisismanagement.
We'lltrytoclarifythedifferencebyprovidinganexample.AcmeInc.isanational
manufacturerandsupplierofvariousgoods,mainlytowholesaledistributorsbut
withasmallandthrivingmail-orderretaildepartmentfortheoccasional
customerwhoneedsqualityAcmeproductsbuthasnoconvenientretailoutletin
theirlocale.Acme'smaincallcenterhasasmallnumberofpermanentstaffbuta
largenumberofcontractcallcenteroperators.
Unfortunately,Acme'smainorderfulfillmentcenter—forbothbulkwholesale
orders,aswellastherelativelysmallamountofmail-ordertraffic—getshitbya
largefragmentinameteorshower,causingafirethatrapidlytransformsthe
entiresiteintosmokingrubbleevenasallpersonnelaresafelyevacuated.Thecall
centerandsupportingdatacenterarecompletelydestroyedand,conservatively,
willtakeseveralmonthstofullyrebuild.Obviously,Acmeisgoingtosuffersome
sortofsetback,butwithproperplanningtheycanminimizetheeffects.What
typesofactionswouldAcme'sBCandDRplanseachbetaking?
Acme'sBusinessContinuityPlanAcmeisconcernedwithgettingthe
minimumlevelofoperationalfunctionbackonlineasquicklyaspossible.In
thiscase,it'sgoingtotakeawhilebeforetheycanresumecallcenter
operations.Theirimmediateneedsaretoestablishatleastsomelevelof
messagingsupportforthetemporarycallcenterworkerstheBCplanbringsin.
TheirBCplandoesnotassumethattheywillhavein-housecapability,soit
makesprovisions—ifrequired—tousehostedExchangeServerservicesasa
short-termstopgapsothatcommunicationswithcustomersandwholesalers
willproceeduntilAcme'sITstaffcanbringupsufficientExchangeserversto
switchbacktoon-premisesservices.
Acme'sDataRecoveryPlanAcmeisconcernedwithrebuildingcritical
structures.Inadditiontorestoringcriticalnetworkinfrastructureservices,
Acme'sExchangeServeradministratorsaretaskedwithfirstrebuilding
sufficientExchangeserversintheirDRlocationtorecoverthemailbox
databasesforthecallcenter'spermanentstaff.Theyalsoneedtothencreate
sufficientExchangeserverstoallowtherecoveryofoperatormailbox
databasestoextractmessagedatapertainingtocurrentlyopencasesthatneed
investigation.Oncethedatacenterisrebuilt,theycanbuildtherestofthe
ExchangeserversandrestoreoperationsfromtheDRsite.
Location,Location,Location
Onefactortendstoconsistentlyblurthelinebetweenregularbackups,disaster
recovery,businesscontinuity,andevenhighavailability:whereyoursolutionis
located.Wehavetalkedtomanyadministratorswhohavethefalseassumptionthat
oncearecoveryactivitymovesoff-site,thatautomaticallymakesitdisasterrecovery
(orbusinesscontinuity,orhighavailability).Thisisanunderstandablemisconception
—butit'sstillnottrue.
Inreality,thequestionof“where”isimmaterial.Ifyou'retakingstepstoprotectyour
data,it'sbackupandrecovery.Ifyou'retakingstepstorebuildservices,it'sdisaster
recovery.Ifyou'retakingstepstoensureyoucanstilldobusiness,it'sbusiness
continuity.Thisisobviouslyanoversimplification,butit'lldofornowunlesswestart
lookingatallthewaysthelinescanblur.However,wedowanttotouchononeof
thosecomplicationsnow:whereyoudeployyourrecoveryoperations.Therearethree
overallapproaches:on-premises,off-premises,oracombinationofthetwo.
On-PremisesRecoverySolutions
MostofwhatwedoasExchangeServeradministrators,especiallyinbackupand
restorework,ison-premises.Inanon-premisessolution,youhaveoneormoresites
whereyourExchangeserversaredeployed,andthosesamesiteshostthebackupand
disaster-recoveryoperations.Notethatthisdefinitionof“on-premises”differs
somewhatfromtraditionaldisaster-recoveryterminology,whichtalksaboutdedicated
disaster-recoverysites.Thesesitesarestillpartofyourpremisesandsoarestill“on-
premises”forourpurpose.
Manyorganizationscanhandlealltheiroperationsinthisfashionthroughtheuseof
ExchangeServer,storageandnetworkingdevices,andthird-partyapplications.Some,
however,canuseadditionalhelp.Whenyouneedon-premiseshelpintheExchange
Serverworld,therearetwobroadcategories:
AppliancesAppliancesareself-containedboxesorservers,usuallyasealed
combinationofhardwareandsoftware,placedintothenetwork.Theyaredesigned
tointerfacewithorbecomepartoftheExchangeServerorganizationandprovide
additionalabilities.Appliancesareusefulforsmallerorganizationsthatwant
sophisticatedoptionsfordisasterrecoverybutdon'thavethebudgetorskilllevel
toprovidetheirown.Appliancescanbeusedtoprovideservicessuchascross-site
datareplication,sitemonitoring,orevenadditionalservicesaimedatothertypes
offunctionality.
Ontheupside,appliancesaretypicallyeasytoinstall.Onthedownside,theycan
quicklybecomeasinglepointoffailure.Thetemptationtoplaceanapplianceand
treatitasa“fire-and-forget”solutionishigh.Inreality,mostappliancesneedto
betested,monitored,andupgradedonaregularbasis.
RemoteManagedServicesRemotemanagedservices(orremotemanagement)
areserviceofferings.Insteadofbuyingasealedblackbox,thecustomerpurchases
aperiodofservicefromavendor.Theserviceproviderprovidesdesign,
deployment,andongoingmaintenanceservicesaspartoftheofferingforthe
customer—sometimesasapackage,sometimesasasetofàlacarteofferings.Like
appliances,theseofferingscanextendbeyondtraditionaldisaster-recovery
offerings.
ThesetypesofserviceprovidersareabletoprovidetrainedExchangeServer
expertiseonascalethatistypicallyavailableonlytoverylargeorganizations.
Theycandothisthrougheconomiesofscale;byusingthesehighlytrained
personneltomonitor,maintain,andtroubleshootmanydisparatecustomer
organizationsofallsizesandtypes,theycanbothaffordthistypeofstaffand
offerthemthekindofchallengesnecessarytoretainthem.
Somesolutionsexistthatcombinethesetwoapproaches;customerspurchasebothan
appliance,aswellasamanagedserviceoffering.
Off-PremisesRecoverySolutions
Someproblemsareeasiertosolve—ormoreefficienttosolve—ifyouletsomeoneelse
dealwiththem.IntheExchangeServerworld,thistranslatestohostedservices
servicesorofferingsprovidedbyathirdparty.Hostedservicesmayprovidealarge
varietyoffunctionalitytoanExchangeServerorganization,rangingfrombackup,
disasterrecovery,andbusinesscontinuitytosuchservicesasmessagehygiene,
archival,andcomplianceandgovernance.
There'saclosesimilaritybetweenhostedservicesandremotemanagedservices.Both
areprovidedbyanexternalservicemodel.Theycanbothofferacombinationof
features,performance,andconveniencethatmakesthemattractivetosmall-and
medium-sizedorganizations.Thedifferenceisthatwithhostedservices,messaging
trafficistargeted—whetherexternallyorinternally—tothehostingprovider,which
thenperformsspecificactions.Dependingonthespecificservice,trafficmaythenbe
reroutedbacktotheorganizationoritmaycontinuetoresideatthehostingprovider.
Mosthostedserviceschargeonaper-userorper-mailboxbasis.Becauseofthis,they
wereoftenoriginallyfavoredbysmallerorganizationsorforspecificportionsofa
largerenterprise.However,today'scostsforhostedservicesaresolowthatevenvery
largeorganizationshavedeployedhostedservices.Hostedservicescanalsorequirea
largeamountofbandwidth,dependingontheoverallamountoftrafficbetweenyour
organizationandtheservice.Thiscandrivethecostshigherthanjusttheup-front
per-userprice.
Oneofthemaindifferencesbetweenhostedservicesandremotemanagedservicesis
thatahostedserviceproviderusually(butnotalways)hasaninternalExchange
Serverdeploymentthatisdesignedtohostmultipletenants.Formanyyears,theretail
versionofExchangeServerwasdesignedaroundtheassumptionthateach
deploymentwouldbeusedforasingleorganizationorcorporateentity.
BeginningwithExchangeServer2000,Microsoftbeganaddingenhancementsto
ExchangeServertoprovidebettersupportformulti-tenantdeployments.However,it
wasnotuntilafterthereleaseofExchangeServer2007andMicrosoft'sowninitial
multi-tenantoffering(BPOS–BusinessProductivityOnlineSuite)thatMicrosoft
begantoinvestsignificantresourcesintoimprovingtheExchangeServerstoryaround
multi-tenantsupport.TheseimprovementscontinuedwithExchangeServer2013and
havefurthercontinuedwithExchangeServer2016.
WithOffice365,MicrosoftishostingmillionsofmailboxesbasedonExchangeServer
2013andExchangeServer2016.ExchangeServer2016canberunon-premises,inthe
cloud,orinahybridconfigurationofthetwo.Ineachcase,theavailablefunctionality
isalmostidenticalirrespectiveofwherethemailboxesarelocated(on-premisesorin
thecloud).
Sonowthatwe'vetalkedquiteabitaboutbackupandrecovery,thereisanother
concepttotalkabout.Thisnewconcept,calledExchangeNativeDataProtection,is
newsinceExchange2013.NativeDataProtectionisanExchangedeploymentthatis
configuredtouseallofthebuilt-inExchangeServerfeaturestominimizeoreliminate
traditionalbackups.ThefollowingfeatureshelpdeliverNativeDataProtection:
MultipledatacenterstohouseExchangeservers.Youneedtohavea
minimumoftwodatacenterstohouseExchangeservers,butmorecanbehelpful,
too.FromapureNativeDataProtectionstandpoint,threedatacentersisoptimum.
Unboundnamespace.Thenamespaceforyourenvironmentdictateswhich
domainsandfullyqualifieddomainsareusedtoconnecttoExchangeservices.A
boundnamespaceisanamespacethatisdesignedtohavespecificusersoperate
outofspecificdatacenters.Anunboundnamespaceisanamespacethatisdesigned
tobesiteagnostic,enablinguserstouseanydatacenter.Theunboundnamespace
presentsasimplifiedconfiguration,butitmaynotbefeasibleinevery
organization.
Multiplecopiesofeachdatabase.Youshouldoptforaminimumofthree
copiesofeachdatabase.Indoingso,youcanpotentiallyeliminatedatabase
backups.However,therearestillriskstoyourdatabases,namelylogical
corruption,whichcanreplicatetoeachcopyofyourdatabase.Luckily,itdoesn't
happenofteninmostorganizations,andExchangehasamitigatingfeature,a
laggeddatabasecopy,whichwediscussnext.
Laggedcopyofeachdatabase.Alaggeddatabasecopyisacopyofadatabase
thatisaspecificamountoftimebehindthesourcedatabase.Forexample,you
mighthaveaprimarydatabasenamedDB01.Itreplicatestoalaggeddatabase.But
thelaggeddatabaseiseighthoursbehind.Allofthechangesinthepasteight
hoursareintransactionlogsandnotplayedintothedatabaseyet.Iflogical
corruptionoccursandreplicates,youhaveeighthourstocatchitandstopitfrom
playingintothelaggedcopy.
Emaildatarecovery.Thisconcernsdeleteditemretentionandsingleitem
recovery.Thisenablesyouand/oruserstorecoveremaildatawithouttheuseof
traditionalbackups.
TheNativeDataProtectionrouteisenhancedbyhavinghighlyavailablecomponents
inyourinfrastructure.Thisincludespower,cooling,Internetconnectivity,routers,
switches,firewalls,loadbalancers,andstorage.WhileNativeDataProtectionisagood
thing,itoftenisn'trealisticformostorganizationsforavarietyofreasonssuchascost
andcomplexity.SomeorganizationschoosetogowithNativeDataProtectionand
traditionalbackups,withtheideabeingthatNativeDataProtectionprovides
everythingthatisneededandbackupsarethereasasecondaryapproach(and,
hopefully,theyareneverrequired).
ManagementFrameworks
There'salotofgreatguidanceoutthere(includingfinebookssuchasthisone)onthe
technicalaspectsofdesigning,installing,configuring,andoperatingExchangeservers
andorganizations.There'salotlessmaterialthatprovidesacoherentlookatthe
issuesoftheentirelifecycleofITmanagementingeneral,letaloneWindowsor
ExchangeServerdeploymentsinparticular.Theremaybe,however,morethanyou
think:everyorganizationofeverysizestruggleswithcommonnontechnicalissues
andneedsagooddefinedframeworkformanagingITresources.Havingthistypeof
frameworkinplacemakesiteasiertoproperlyplanfordisasterrecoveryandbusiness
continuityconcerns,aswellasothercommonmanagementtasks.Thinkof
managementframeworksashavingallemployeesworkinginthesameway,usingthe
sameprocesses.Forexample,everydeploymentofExchangeserverwouldhavea
methodologybehindit,facilitatingtheplanning,preparation,design,deployment,and
support.Documentationisabigpartofmostframeworks.Asyoucansee,witha
managementframeworkinplace,yourcompanyisbettersituatedtodealwitha
disaster-recoverysituation.
Thereareseveralframeworksyoumaywanttoexamine,orwithwhichyouare
alreadyfamiliarinsomefashion:
TheInformationTechnologyInfrastructureLibrary(ITIL)isthe900-pound
gorillaoftheITmanagementframeworkworld.ITILprovidesagenericsetoftools
forITprofessionalstouseastemplateconceptsandpolicieswhendevelopingtheir
ownmanagementprocessesoftheirITinfrastructureandoperations.
MicrosofthasdevelopedtheMicrosoftOperationsFramework(MOF),adetailed
frameworkbasedontheconceptsandprinciplesofITIL.MOFtakesthegeneric
frameworkofferedbyITILandprovidesgreaterdetailoptimizedforWindowsand
otherMicrosofttechnologies.
LikeMicrosoft,IBMoffersitsownITIL-centricframework:theIBMTivoliUnified
Process(ITUP).ITUPprovidesguidanceontakinggenericITILconceptsand
processesandlinkingthemintoreal-worldprocessesandtasksthatmaptorealIT
objectives.
TheControlObjectivesforInformationandRelatedTechnologies(COBIT)best
practicesframeworkwasinitiallycreatedasawaytohelporganizationsdevelopIT
governanceprocessesandmodels.WhileCOBITistypicallythoughtofas
optimizedforITaudits,itofferssupplementalpracticessuitableforIT
management.
Sohownecessaryaremanagementframeworksinrealdeployments?Whyarewe
wastingvaluablespacetalkingaboutITILandMOFwhenwecouldbecrammingina
couplemorenuggetsofyummyExchangeServer2016technicalgoodness?The
answerissimple:wecan'tincludeeverything.Nomatterhowthorough(andlong)the
b
ook,therewillalwaysbemoretechnicaldetailsthatwecan'tinclude.Instead,we
w
antedtoincludeatleastanintroductiontosomeofthenontechnicalareasthatcan
giveyouanadvantage.
W
hileadeepdiveintoanyofthesealternativesisoutofscopeforthisbook,wedo
w
anttotakeashortpeekattwoofthem:firstITILandthenMOF.Althoughyoudon't
havetoknowanythingaboutthesesubjectstobealow-levelExchangeServer
administrator(butyoushould!),Microsofthasbegunintroducingexposuretothese
conceptsintothetrainingfortheirhigh-levelExchangeServercertifications.
ITIL
ThebestwaytolearnaboutITIListogothroughoneofthetrainingandcertification
events.Outsidesuchclasses,ITILisinessenceacollectionofbestpracticesinthe
disciplineofITservicemanagement.ITservicemanagementisjustwhatitsounds
like:effectiveandconsistentmanagementofITservices.ITmanagementisinmany
respectsnonintuitiveandoffersseveralspecificchallengesthatarenotcommonto
manyothermanagementdisciplines;mostpeopleneedspecifictrainingtolearnhow
tomanageITinthemosteffectiveway.ITILrepresentsthemostacceptedIT
managementapproachintheworld.
ITILwasdevelopedbytheUKCentralComputerandTelecommunicationsAgencyin
anattempttodevelopacentralizedmanagementstandardforITthroughoutthe
v
ariousBritishgovernmentagencies.Thiseffortwasnotsuccessful—inpartduetothe
changefrommainframe-basedcomputingtopersonalcomputersandnetworksand
theresultingloweringofbarrierstoserveracquisitionanddeployment.However,it
didallowtheformationofexistingbestpracticesandthoughtsonITservice
managementintoasinglecollectionofbestpracticesandprocedures,supportedby
tasksandchecklistsITprofessionalscanuseasastartingpointfordevelopingtheir
ownITgovernancestructures.ITILissupportedandofferedbyawidevarietyof
entities,includingmanylargeenterprisesandconsultingfirms,withtrainingand
certificationavailableforITprofessionals.
ITILhasbeenthroughseveraliterations.Themostcurrentversion,ITIL2011,became
availableinJuly2011andconsistsoffivecoretexts:
ServiceStrategyDemonstrateshowtousetheservicemanagementdiscipline
anddevelopitasbothasetofcapabilitiesandalarge-scalebusinessasset
ServiceDesignDemonstrateshowtotakeyourobjectivesanddeveloptheminto
servicesandassetsthroughthecreationofappropriateprocesses
ServiceTransitionDemonstrateshowtotaketheservicesandassetspreviously
createdandtransitionthemintoproductioninyourorganization
ServiceOperationDemonstratestheprocessesandtechniquesrequiredto
managethevariousservicesandassetspreviouslycreatedanddeployed
ContinualServiceImprovementDemonstratestheongoingprocessof
improvingontheservicesandassets
FormoreinformationonITIL,seeitsofficialwebsiteat
https://www.axelos.com/best-practice-solutions/itil.Foragreatimprovementover
theofficialITILtexts,seeITILFoundationExamStudyGuide(Sybex,2012).
MOF
MicrosofthasworkedwithITILformorethan10years,beginningin1999.AsITIL
hasdevelopedandgrowninpopularity,Microsofthasseenthatitscustomersneeded
morespecificguidanceforusingtheprinciplesandconceptsofITILinthecontextof
Microsofttechnologiesandapplications.Asaresult,theycreatedtheMicrosoft
OperationsFramework,whichtheydescribeinthefollowingmanner:
TheMicrosoftstrategyforITservicemanagementistoprovideguidanceand
softwaresolutionsthatenableorganizationstoachievemission-criticalsystem
reliability,availability,supportability,andmanageabilityoftheMicrosoft
platform.ThestrategyincludesamodelfororganizationsandITprostoassess
theircurrentITinfrastructurematurity,prioritizeprocessesofgreatestconcern,
andapplyprovenprinciplesandbestpracticestooptimizeperformanceonthe
Microsoftplatform.
MOFisnotareplacementforITIL;itisonespecificimplementationofITIL,
optimizedforenvironmentsthatuseMicrosoftproducts.It'sspecificallydesignedto
helpITprofessionalsalignbusinessgoalswithITgoalsanddevelopcohesive,unified
processesthatallowthecreationandmanagementofITservicesthroughoutall
portionsoftheITlifecycle.Itiscurrentlyonversion4.0,whichalignswithITILv3.
MOFdefinesfourstagesoftheITservicemanagementlifecycle:
PlanPlanisthefirststageofthecycle:newITservicesareidentifiedandcreated,
ornecessarychangesareidentifiedinexistingITservicesthatarealreadyinplace.
DeliverDeliveristhesecondstage:thenewserviceisimplementedforusein
production.
OperateOperateisthefinalstageofthecycle:theserviceisdeployedand
monitored.ItfeedsbackintothePlanstageinordertoaffectincrementalchanges
asnecessary.
ManageManageisnotaseparatestage;instead,itisanongoingsetofprocesses
thattakeplaceatalltimesthroughoutthecycletomeasureandmonitorthe
effectivenessofyourefforts.ThisisillustratedinFigure3.1.
Figure3.1ThefourstagesoftheMicrosoftITservicemanagementlifecycle
FormoreinformationonMOF,seethefollowingwebpage:
https://technet.microsoft.com/en-us/library/dd320379.aspx
WhatAreYouMeasuring?
Let'sdemonstratethepracticalvalueofsomeofthis“managementframework”
mumbojumbobytacklingahottopic:availabilityanduptime.We'veheardalot
ofexecutivestalkabout“fiveninesofavailability”—butwhat,exactly,doesthat
mean?Youcan'thaveameaningfuldiscussionaboutavailabilitywithoutknowing
exactlywhatkindofavailabilityyou'retalkingabout(whichwe'llgettolaterin
thischapter),andwithoutknowingthat,youcan'tmeasureit,letalonetothe
ludicrousdegreeofdetailthatfiveninesrepresents.
Nowlet'sdiscussuptime.Uptimehasaprettywell-definedmeaning;youjust
needtoknowwhatscopeitappliesto.Areyoutalkingserveruptime,mailbox
uptime,orserviceuptime?Onceyouhavethatdefined,youcantake
measurementsandapplynumbersforquantitativecomparisons.
ITILandMOFgiveyounotonlytheconceptualframeworkforagreeingonwhat
you'remeasuringbutalsoguidanceonhowtoputtheprocessofmeasurement
intoplace.Thatkindofdisciplinecangiveyoualotoflong-termadvantagesand
helpkeepyourExchangeServerdeploymentbettermanagedthanyoucoulddoon
yourown.Thethingtorememberisthattheseframeworksarestartingpoints;
they'renotcastinstone,andthey'renotlawsyoumustrigidlyobey.Ifyoufind
someaspectthatdoesn'tworkforyourorganization,youshouldfirstmakesure
youunderstandwhatthepurposeofthatfeatureisandhowit'sintendedtowork.
Onceyou'resurethatitdoesn'tapplyasis,feelfreetomakedocumentedchanges
tobringitintoalignmentwithyourneeds.
ACloserLookatAvailability
We'vealreadytalkedaboutdisasterrecoveryandhowitcanbeconfusedwithgeneral
dataprotection(backupandrecovery)andbusinesscontinuity.Perhapsanevenmore
commonconfusion,though,isthedistinctionbetweenhighavailabilityanddisaster
recovery.Thisisacommonenougherrorthatwefeltitwasworthdevotingaseparate
sectionofthischapter.
Highavailability(HA)isadesignstrategy.Thestrategyissimple:trytoensurethat
userskeepaccesstoservices,suchastheirExchangeServermailboxesorUnified
Messagingservers,duringperiodsofoutageordowntime.Theseoutagescouldbethe
resultofanysortofevent:
Hardwarefailure,suchasthelossofapowersupply,amemorymodule,orthe
servermotherboard
Storagefailure,suchasthelossofadisk,diskcontroller,ordata-levelcorruption
Networkfailure,suchasthecuttingofanetworkcableorarouteroraswitch
losingconfiguration
Someotherservicefailure,suchasthelossofanActiveDirectorydomain
controlleroraDNSserver
HAtechnologiesandstrategiesaredesignedtoallowagivenservicetocontinuetobe
availabletousers(orotherservices)intheeventofthesekindoffailures.Nomatter
whichtechnologyisinvolved,therearetwomainapproaches,oneorbothofwhichare
usedbyeachHAtechnologyandstrategy:
FaultToleranceandRedundancyThisinvolvesplacingresourcesintoapool
sothatonecantakeuptheloadwhenanothermemberofthepoolfails.This
strategyremovesthepresenceofasinglepointoffailure.Faulttoleranceneedsto
beaccompaniedbysomemechanismforselectingwhichoftheredundant
resourcesistobeused.Thesemechanismsareeitherround-robinorload
balancing.Intheformer,eachresourceinthepoolisusedinturn,regardlessof
thecurrentstateorload.Inthelatter,additionalmechanismsareusedtodirect
userstotheleastloadedmemberoftheresourcepool.Manyhigher-endhardware
systemsuseredundantpartstomaketheoverallserversystemmoreredundantto
manycommontypesofhardwarefailures.
ReplicationThisprocessinvolvesmakingcopiesofcriticaldatabetweenmultiple
membersofaresourcepool.Ifreplicationhappensquicklyenoughandwitha
smallenoughtimeinterval,whenonememberoftheresourcepoolbecomes
unavailable,anothermembercantakeovertheload.Mostreplicationstrategies,
includingExchangeServer'sdatabasereplicationfeatures,arebasedonasingle
masterstrategy,whereallupdateshappentothemaster(oractive)copyandare
replicatedtotheadditionalcopies.SometechnologiessuchasActiveDirectoryare
designedtoallowmultimasterreplication,whereupdatescanbedirectedtothe
closestmember.ExchangeServer2016canusedatabaseavailabilitygroups
(DAGs)toreplicatecopiesofdatafromoneMailboxservertoanotherandto
providefailoverintheeventthedatabasewherethemailboxresidesfails.
MeasuringAvailability
Itisnotuncommontofindthatavailabilityofasystemismeasureddifferently
dependingontheorganization.Typically,toreportthepercentageofavailability,
youtaketheamountoftimeduringameasurementperiodandthensubtractthe
totaldowntimeduringthatperiod.Finally,youdividethatnumberbythetotal
elapsedtime.
So,let'ssaythatduringa30-dayperiodoftime,therewasnoscheduled
downtime,buttherewasa4-hourperiodoftimewhenpatcheswereappliedto
thesystem.So,30days–.17days=29.8daysoftotaluptime,and29.8/30=99.3
percentavailability.
Thisisjustasamplecalculation,ofcourse.Intherealworld,youmayhavea
maintenancewindowduringyouroperationsthatwouldnotcountagainstyour
availabilitynumbers.Youwanttodoyourverybesttominimizetheamountof
unplanneddowntime,butyoualsohavetotakeintoconsiderationscheduled
maintenanceandplanneddowntime.
Insomeorganizations,nodowntime,plannedorunplanned,isacceptable.You
mustdesignyoursystemsaccordingly.
ServiceAvailability
WhenwehavediscussionswithpeopleabouthighavailabilityinExchangeServer
organizations,wefindthatthelevelofhighavailabilitythatmostofthemareactually
thinkingaboutisserviceavailability.Thatis,theythinkoftheExchangeServer
deploymentasanoverallserviceandthinkofhowtoensurethatuserscangetaccess
toeverything(eitherthatortheythinksolelyofhardwareclusters,storagereplication,
andtheotherlow-endtechnologies).Itisimportanttonotethatwhendiscussing
serviceavailability,thistermmaymeandifferentthingstodifferentpeople.
Serviceavailabilityisanimportantconsiderationfortheoverallavailabilitystrategy.It
doesn'tmakealotofsensetoplanforredundantserverhardwareifyouforgetto
deploysufficientnumbersofthoseserverswiththerightExchangeServerrolesinthe
appropriatelocations.(We'lldiscusstheproperratiosandrecommendationsforrole
andserverplacementinChapter8,“UnderstandingServerRolesand
Configurations.”)Toensuretrueserviceavailability,youneedtoconsideralltheother
levelsofavailability.
TheotheraspectofserviceavailabilityistothinkaboutwhatotherservicesExchange
Serverisdependenton:
TheobviousdependencyisActiveDirectory.EachExchangeserverrequiresaccess
toadomaincontroller,aswellasglobalcatalogservers.ThemoreExchange
serversinthesite,themoreofeachActiveDirectoryrolethatthesiterequires.If
yourdomaincontrollersarealsoDNSservers,youneedenoughDNSserversto
survivethelossofoneortwo.IfyouloseallDNSserversoralldomaincontrollers
inanActiveDirectorysite,ExchangeServerwillfail.
Whattypeofnetworkservicesdoyouneed?DoyouassignstaticIPaddressesand
defaultgatewaysordoyouuseDHCPanddynamicrouting?Doyouhaveextra
routerorswitchingcapacity?Whataboutyourfirewallconfigurations—doyou
haveonlyasinglefirewallbetweendifferentnetworkzonesorarethoseredundant
aswell?
WhatotherapplicationsdoyoudeployaspartofyourExchangeServer
deployment?DoyourelyonamonitoringsystemsuchasMicrosoftSystemCenter
OperationsManager?Whatwilloccurifsomethinghappenstoyourmonitoring
server;istherearedundantorbackupsystemthattakesover,orwilladditional
faultsandfailuresgounnoticedandbeallowedtoimpacttheExchangeServer
system?DoyouhaveenoughbackupagentsandserverstoprotectyourMailbox
servers?
Serviceavailabilitytypicallyrequiresacombinationofredundancyandreplication
strategies.Forexample,youdeploymultipleActiveDirectorydomaincontrollersina
siteforredundancy,buttheyreplicatethedirectorydatabetweeneachother.
NetworkAvailability
Thenextareawewanttotalkaboutisnetworkavailability.Bythis,wedon'tmeanthe
typesofnetworkserviceswementionedintheprevioussection.Instead,whatwe
meanistheabilitytoensurethatyoucanreceivenewconnectionrequestsfrom
clientsandotherservers,regardlessofwhetheryourorganizationusesExchange
servers,PBXsystemsandtelephonygateways,orexternalmailservers.Network
availabilityisakeypartofExchangeServerinfrastructureandmustbeconsideredasa
partofyouroverallserviceavailability.
Thetypicalstrategyfornetworkavailabilityisloadbalancing.Thisisnetwork-level
redundancy.Simplenetworkloadbalancersusearound-robinmechanismtoalternate
andevenly(onthebasisofnumbers)distributeincomingconnectionstothemembers
oftheresourcepool.Othersolutionsusemoresophisticatedmechanisms,suchas
monitoringeachmemberofthepoolforoverallloadandassigningincoming
connectionstotheleast-loadedmember.
ForlargerorganizationsandcomplexExchangeServerdeployments,it'scommonto
usehardwareloadbalancers.Hardwaresystemsaretypicallymoreexpensiveand
representyetmoresystemstomanageandmaintain,sotheyaddadegreeof
complexitythatisoftenundesirabletosmallerorganizations.Smallerorganizations
oftenprefertousesoftware-basedload-balancingsolutions,suchasWindows
NetworkLoadBalancing(WNLB).
Unfortunately,WNLBisn'tgenerallysuitableforExchangeServer2016deployments.
ThisistheofficialrecommendationofboththeExchangeServerproductgroupand
theWindowsproductgroup,thefolkswhodeveloptheWNLBcomponent.WNLBhas
afewcharacteristicsthatrenderitunsuitableforusewithExchangeServerinanybut
thesmallestofdeploymentsortestenvironments:
WNLBsimplyperformsround-robinbalancingofincomingconnections.Itdoesn't
detectwhethermembersoftheload-balanceclusteraredown,soitwillkeep
sendingconnectionstothedownedmember.Thiscouldresultinintermittentand
confusingbehaviorforclientsandlossordelayofmessagesfromexternalsystems.
IfyoumustdeployWNLB,alsoconsiderdeployingscriptsthatcanmonitor
applicationhealthandupdatedWNLBaccordingly,asdemonstratedhere:
http://msdn.microsoft.com/en-us/library/windows/desktop/cc307934.aspx
WNLBisincompatiblewiththeWindowsFailoverClustering.Thismeansthat
smallshopscan'tdeployapairofserverswiththeMailboxroleandthenuse
WNLBtoloadbalanceclientaccessorusecontinuousreplicationtoreplicatethe
mailboxdatabases.
Evenwhenusinghardwarenetworkloadbalancing,thereareseveralthingsto
rememberandbestpracticestofollow.(Formoreinformationonloadbalancing,
DNS,andWNLB,seeChapter21,“UnderstandingtheClientAccessServer.”)
DataAvailability
We'veseenmanyExchangeServerorganizationdesignsanddeploymentplans.Most
ofthemspendalotoftimeensuringthatthemailboxdatawillbeavailable.
InallversionsofExchangeServerpriortoExchangeServer2007,havinghigh
availabilityformailboxdatabasesmeantusingWindowsFailoverClustering(WFC),
whichwasafeatureofWindowsEnterpriseEdition.Oneofthefeaturesprovidedby
WFCistheabilitytocreategroupsofservers(clusters)thatsharestorageresources.
Withinthisclusterofservers,oneormoreinstancesofExchangeServerwouldbe
runningandcontrollingthemailboxdatabases.Ifonehardwarenodeweretofail,the
activeserverinstancewouldfailovertoanotherhardwarenode,andtheshared
storageresourceswouldmovewithit.
FailoverclusteringisacommonHAstrategy,andWFCisaproventechnology.This
turnedouttobeagoodstrategyformanyExchangeServerorganizations.However,
failoverclusteringhassomecons.Forclustersthatrelyonasharedquorum,the
biggestistherelianceonsharedstorage—typically,astorageareanetwork.Shared
storageincreasesthecostandcomplexityoftheclusteringsolution,butitdoesn't
guardagainstthemostcommoncauseofExchangeServeroutage:diskfailureor
corruption.
ExchangeServer2007introducedadata-availabilitysolutioncalledcontinuous
replicationtohelpovercomesomeoftheweaknessesassociatedwithfailover
clusteringandtoallowmoreorganizationstotakeadvantageofhighlyavailable
deployments.Continuousreplication,alsoknownaslogshipping,copiesthe
transactionlogscorrespondingtoamailboxdatabasefromoneMailboxserverto
another.Thetargetthenreplaysthelogsintoitsownseparatecopyofthedatabase,
re-creatingthelatestchanges.
ExchangeServer2010addedmorefeaturestocontinuousreplication,includingdata
encryptionandcompression.WithExchangeServer2016,aMailboxservercanhave
upto15replicationpartners.Youcanjoinserversintoadatabaseavailabilitygroup;
membersofthatgroupcanreplicateoneormoreoftheirmailboxdatabaseswiththe
otherserversinthegroup.Eachdatabasecanbereplicatedseparatelyfromothersand
haveoneormorereplicas.ADAGcancrossActiveDirectorysiteboundaries,thereby
providingsiteresiliency,andactivationofapassivecopycanbeautomatic.
We'llgointomoredetailaboutDAGsandcontinuousreplicationinExchangeServer
2016inChapter20,“CreatingandManagingDatabaseAvailabilityGroups.”
HAvs.DR:NottheSame
We'llprovideaquickcomparisonbetweenthetypicalExchangeServerHA
deploymentandDRdeployment.Ifyouthinkthatbyhavingdisasterrecoveryyou
haveavailability,orviceversa,thinkagain.
InanHAExchangeServerenvironment,thefocusisusuallyonkeeping
mailboxesupandrunningforusers,transferringmailwithexternalsystems,and
keepingExchangeServerservicesup.InaDRenvironment,thefocusisusually
onrestoringabareminimumofservices,oftenforasmallerportionoftheoverall
userpopulation.Inshort,thedifferenceisthatofabundanceversustriage.
ForExchangeServer,anHAdesigncanprovideseveraladvantagesbeyondthe
obviousavailabilitygoals.AhighlyavailableExchangeServerenvironmentoften
enablesserverconsolidation;thesametechnologiesthatpermitmailboxdatato
bereplicatedbetweenserversortokeepmultipleinstancesofkeyExchange
Serverservicesalsopermitgreaterusermailboxdensityorforcetheupgradingof
keyinfrastructure(likenetworkbandwidth)sothatagreaternumberofuserscan
behandled.ThisincreaseddensitycanmakeproperDRplanningmoredifficultby
increasingtherequirementsforaDRsolutionandmakingithardertoidentify
andtargettheappropriateuserpopulations.
That'snottosaythatHAandDRareincompatible.Farfromit;youcanand
shoulddesignyourExchangeServer2016deploymentforboth.Todothat
effectively,though,youneedtohaveaclearunderstandingofwhateach
technologyandfeatureactuallyprovideyou,soyoucanavoiddesignerrors.For
example,ifyouhaveseparategroupsofuserswhowillneedtheirmailboxes
replicatedtoaDRsite,setthemasideinseparatemailboxdatabases,ratherthan
minglingtheminwithuserswhosemailboxeswon'tbereplicated.
StorageAvailability
ManyadministratorsandITprofessionalsimmediatelythinkofstoragedesignswhen
theyhearthewordavailability.Althoughstorageisacriticalpartofensuringthe
overallserviceavailabilityofanExchangeServerorganization,theimpactofstorage
designisfarmorethanjustavailability;itdirectlyaffectsperformance,reliability,and
scalability.
AnOverviewofExchangeStorage
Inmedium-sizedandlargeorganizations,theExchangeServeradministratoris
usuallynotresponsibleforstorage.Manymedium-sizedandlargeorganizationsuse
specializedstorageareanetworksthatrequireadditionaltrainingtomaster.Storageis
amassivetopic,butwefeelitisimportantthatyouatleastbeabletospeakthe
languageofstorageandbeknowledgeableaboutstorageconcepts.
Fromtheverybeginning,messagingsystemshavehadagive-and-takerelationship
withtheunderlyingstoragesystem.Evenonsystemsthataren'tdesignedtooffer
long-termstorageforemail(suchasISPsystemsthatofferonlyPOP3access),email
createsdemandsonstorage:
Thetransportcomponentsmusthavespacetoqueuemessagesthatcannotbe
immediatelytransmittedtotheremotesystem.
Thedeliverycomponentmustbeabletostoreincomingmessagesthathavebeen
deliveredtoamailboxuntiluserscanretrievethem.
Themessagestore,insystemslikeExchangeServer,permitsuserstokeepacopy
oftheirmailboxdataoncentralservers.
Astheserveraccepts,transmits,andprocessesemail,itkeepslogswithvarying
levelsofdetailsoadministratorscantroubleshootandauditactivities.
Althoughyou'llhavetowaitforsubsequentchapterstodelveintothedetailsof
planningstorageforExchangeServer,thefollowingsectionsgooverthetwobroad
categoriesofstoragesolutionsthatareusedinmodernExchangeServersystems:
directattachedstorage(DAS)andstorageareanetworks(SANs).Thethirdtypeof
storage,network-attachedstorage(NAS),isgenerallynotsupportedwithExchange
Server2013orExchangeServer2016.
Directattachedstorageisthemostcommontypeofstorageingeneral.DASdisksare
usuallyinternaldisksordirectlyattachedviacable.Justabouteveryserver,exceptfor
somehigh-endvarieties,suchasbladesystemsusingboot-over-SAN,usesDASat
somelevel;typically,atleastthebootandoperatingsystemvolumesareonsomeDAS
configuration.However,inversionsofExchangeServerpriortoExchangeServer
2010,DAShasdrawbacks:itdoesn'tnecessarilyscaleaswellforeithercapacityor
performance.Further,organizationsthathaveinvestedsignificantamountsofmoney
intheirSANsmaystillrequirethatExchangeServerusetheSANinsteadofDAS.
Tosolvetheseproblems,peoplelookedatNASdevicesasoneofthepotential
solutions.Thesemachines—giantfileservers—sitonthenetworkandsharetheirdisk
storage.Theyrangeinpriceandconfigurationfromsmallplug-indeviceswithfixed
capacitytolargeinstallationswithmoreconfigurationoptionsthanmostluxurycars
(andapricetagtomatch).Companiesthatboughtthesewereusingthemtoreplace
fileservers,webserverstorage,SQLServerstorage—whynotExchangeServer?
However,theonlyversionofExchangeServerthatsupportedNASwasExchange
Server2003.InsteadofcontinuingtosupportNAS,theExchangeServerdevelopment
teamswitchedtoreducingtheoverallI/OrequirementssothatDASconfigurations
becomepracticalfororganizations.ExchangeServer2007movedtoa64-bit
architecturetoremovememory-managementbottlenecksinthe32-bitWindows
kernel,allowingtheExchangeInformationStoretousemorememoryforintelligent
mailboxdatacachingandreducediskI/O.ExchangeServer2010inturnmade
aggressivechangestotheon-diskmailboxdatabasestructures,suchasmovingtoa
newdatabaseschemathatallowspagestobesequentiallywrittentotheendofthe
databasefileratherthanrandomlythroughoutthefile.Theschemaupdatesimprove
indexingandclientperformance,allowingcommontasks,suchasupdatingfolder
viewstohappenmorequicklywhilerequiringfewerdiskreadsandwrites.These
changeshelpimproveefficiencyandcontinuetodrivemailboxI/Odown.
EveryversionofExchangeServerhasreducedtheI/Orequirementsforrunning
ExchangeServer.ExchangeServer2016isnoexception.PriortoExchangeServer
2016,ExchangeServer2013madesignificantchangestotheI/Oprofilepresentedby
ExchangeServer.BetweenExchangeServer2010andExchangeServer2013,
MicrosoftreducedI/Orequirementsbetween33percentand50percent.From
ExchangeServer2003toExchangeServer2013,I/Orequirementshavebeenreduced
byover90percent!However,thesereductionsinI/Orequirementsnowmakeit
practicaltoreexamineDASasasolutionforExchangeServerstorage(and,infact,
DASisrecommendedbyMicrosoftforExchangeServer2010andlaterversions).If
youopttouseDASforyourimplementation,considerusingfourdatabasecopiesfor
eachdatabasetomeetMicrosoft'srecommendationformaximizingavailabilityand
minimizingissues.
ThepremisebehindaSANistomovediskstodedicatedstorageunitsthatcanhandle
alltheadvancedfeaturesyouneed—high-endRAIDconfigurations,hot-swap
replacement,on-the-flyreconfiguration,rapiddisksnapshots,tightintegrationwith
backupandrestoresolutions,andmore.Thishelpsconsolidatetheoverheadof
managingstorage,oftenspreadoutondozensofserversandapplications(andtheir
associatedstaff),intoasinglesetofpersonnel.Then,dedicatednetworklinksconnect
thesestoragesiloswiththeappropriateapplicationservers.Yetthisconsolidationof
storagecanalsobeaseriouspitfallbecauseExchangeServerisusuallynottheonly
applicationplacedontheSAN.Applications,suchasSharePoint,SQL,archiving,and
fileservicesmayallbesharingthesameaggregatedsetofspindlesandcausedisk
contention,whichleadstopoorperformance.
DirectAttachedStorage
AsusedforlegacyExchangeServerstorage,DAShistoricallydisplaystwomain
problems:performanceandcapacity.Asmailboxdatabasesgotlargerandtrafficlevels
rose,prettysoonpeoplewantedtolookforalternatives;DASstorageunderExchange
Server2000andExchangeServer2003requiredmanydiskstomeetI/O
requirements,becauseExchangeServer'sI/Oprofilewasoptimizedforthe32-bit
memoryarchitecturethatWindowsprovidedatthetime.
TogetmorescalabilityonlogicaldisksthatsupportExchangeServerdatabases,you
canalwaystryaddingmorediskstotheserver.Thisgivesyouaconfigurationknown
asJustaBunchofDisks(JBOD).
AlthoughJBODcanusuallygiveyoutherawdiskstoragecapacityyouneed,ithas
threeflawsthatrenderitunsuitableforallbutthesmallestoflegacyExchangeServer
deployments:
JBODForcesYoutoPartitionYourDataBecauseeachdiskhasafinite
capacity,youcan'tstoredataonthatdiskifitislargerthanthecapacity.For
example,ifyouhavefour250GBdrives,eventhoughyouhaveapproximately1TB
ofstorageintotal,youhavetobreakthatupintoseparate250GBpartitions.
Historically,thishascausedsomeinterestingdesigndecisionsinmessaging
systemsthatrelyonfilesystem-basedstorage.
JBODOffersNoPerformanceBenefitsInmanyJBODimplementations,each
diskisresponsibleforonlyonechunkofstorage,soifthatdiskisalreadyinuse,
subsequentI/Orequestswillhavetowaitforittofreeupbeforetheycango
through.Asinglediskcanthusbecomeabottleneckforthesystem,whichcan
slowdownmailforallyourusers(notjustthosewhosemailboxesarestoredon
theaffecteddisk).
JBODOffersNoRedundancyIfoneofyourdisksdies,you'reoutofluck
unlessyoucanrestorethatdatafrombackup.True,youhaven'tlostallyourdata,
buttheone-quarterofyouruserswhohavejustlosttheiremailarenotlikelytobe
comfortedbythatobservation.
SeveraloftheExchangeServer2010designgoalsfocusedonbuildinginthenecessary
featurestoworkaroundtheseissuesandmakeaDASJBODdeploymentarealistic
optionformoreorganizations.ExchangeServer2016designgoalsincludedcontinuing
toreducethetotalI/OrequirementnecessaryforExchangeServer,makingDASeven
morerealisticformanyorganizations.Infact,Office365runsoffDAS!
However,legacyversionsofExchangeServercontainnomechanismstoworkaround
theseissues.Luckily,somebrightpeoplecameupwithagreatgenericanswerto
JBODthatalsoworkswellforlegacyExchangeServer:theRedundantArrayof
InexpensiveDisks(RAID).
ThebasicpremisebehindRAIDistogrouptheJBODdiskstogetherinvarious
configurationswithadedicateddiskcontrollertohandlethespecificdiskoperations,
allowingthecomputer(andapplications)toseetheentirecollectionofdrivesand
controllerasoneverylargediskdevice.Thesecollectionsofdisksareknownasarrays;
thearraysarepresentedtotheoperatingsystem,partitioned,andformattedasifthey
werejustregulardisks.ThecommontypesofRAIDconfigurationsareshowninTable
3.1.
Table3.1RAIDConfigurations
Raid
Level
Name Description
None Concatenated
drives
Twoormoredisksarejoinedtogetherinacontiguousdata
space.Asonediskinthearrayisfilledup,thedataiscarried
overtothenextdisk.Thoughthissolvesthecapacityproblem
andiseasytoimplement,itoffersnoperformanceor
redundancywhatsoeverandmakesitmorelikelythatyou're
goingtoloseallyourdata,notless,throughasinglediskfailure.
ThesearraysarenotsuitableforusewithlegacyExchange
servers.
RAID
0
Striped
drives
Twoormorediskshavedatasplitamongthemevenly.Ifyou
writea1MBfiletoatwo-diskRAID0array,halfthedatawill
beononedisk,halfontheother.Eachdiskinthearraycanbe
writtento(orreadfrom)simultaneously,givingyoua
noticeableperformanceboost.However,ifyouloseonediskin
thearray,youloseallyourdata.Thesearraysaretypicallyused
forfast,large,temporaryfiles,suchasthoseinvideoediting.
ThesearraysarenotsuitableforusewithExchangeServer;
whiletheygiveexcellentperformance,theriskofdatalossis
typicallyunacceptable.
RAID
1
Mirrored
drives
Typicallydonewithtwodisks(althoughsomevendorsallow
more),eachdiskreceivesacopyofallthedatainthearray.If
youloseonedisk,youstillhaveacopyofyourdataonthe
remainingdisk;youcaneithermovethedataorplugina
replacementdiskandrebuildthemirror.RAID1alsogivesa
performancebenefit;readscanbeperformedbyeitherdisk,
becauseonlywritesneedtobemirrored.However,RAID1can
beoneofthemorecostlyconfigurations;tostore500GBof
data,you'dneedtobuytwo500GBdrives.Thesearraysare
suitableforusewithlegacyExchangeServervolumes,
dependingonthetypeofdataandtheperformanceofthearray.
RAID1isfairlycommonfortheoperatingsystemdisk.
RAID
5
Paritydrive Threeormorediskshavedatasplitamongthem.However,one
disk'sworthofcapacityisreservedforparitychecksumdata;
thisisaspecialcalculatedvaluethatallowstheRAIDsystemto
rebuildthemissingdataifonedriveinthearrayfails.Theparity
dataisspreadacrossallthedisksinthearray.Ifyouhadafour-
disk250GBRAID5array,you'dhaveonly750GBofusable
space.RAID5arraysofferbetterperformancethanJBODbut
worseperformancethanotherRAIDconfigurations,especially
onthewriterequests;thechecksummustbecalculatedandthe
dataplusparitywrittentoallthedisksinthearray.Also,ifyou
loseonedisk,thearraygoesintodegradedmode,whichmeans
thatevenreadoperationswillneedtoberecalculatedandwill
beslowerthannormal.Thesearraysaresuitableforusewith
legacyExchangeServermailboxdatabasevolumesonsmaller
servers,dependingonthetypeofdataandtheperformanceof
thearray.Duetotheirwriteperformancecharacteristics,they
areusuallynotwellmatchedfortransactionlogvolumes.
RAID
6
Doubleparity
drive
ThisRAIDvariantisdesignedtoprovideRAID5arrayswiththe
abilitytosurvivethelossoftwodisks.Otherthanofferingtwo-
diskresiliency,baseRAID6implementationsoffermostlythe
samebenefitsanddrawbacksasRAID5.Somevendorshave
builtcustomimplementationsthatattempttosolvethe
performanceissues.Thesearraysaresuitableforusewith
ExchangeServer,dependingonthetypeofdataandthe
performanceofthearray.
RAID
10
RAID
0+1
RAID
1+0
Mirroring
plusstriping
ARAID10arrayisthemostcostlyvarianttoimplement
becauseitusesmirroring.However,italsousesstripingto
aggregatespindlesanddeliverblisteringperformance,which
makesitagreatchoiceforhigh-endarraysthathavetosustain
ahighlevelofI/O.Asasidebonus,italsoincreasesyour
chancesofsurvivingthelossofmultipledisksinthearray.
Therearetwobasicvariants.RAID0+1takestwobigstripe
arraysandmirrorsthemtogether;RAID1+0takesmultiple
mirrorpairsandstripesthemtogether.Bothvariantshave
essentiallythesameperformancenumbers,but1+0ispreferred
becauseitcanberebuiltmorequickly(youonlyhaveto
regenerateasingledisk)andhasfarhigherchancesofsurviving
thelossofmultipledisks(youcanloseonediskineachmirror
pair).Thesearrayshavetraditionallybeenusedforhigh-end
highlyloadedlegacyExchangeServermailboxdatabase
volumes.
NotethatseveralofthesetypesofRAIDarraysmaybesuitableforyourExchange
server.Whichone,ifany,shouldyouuse?Theanswertothatquestiondepends
entirelyonhowmanymailboxesyourserversareholding,howthey'reused,andother
typesofbusinessneeds.Bewareofanyonewhotriestogivehard-and-fastanswers
suchas“AlwaysuseRAID5forExchangeServerdatabasevolumes.”Todeterminethe
trueanswer,youneedtogothroughaproperstorage-sizingprocess,findoutwhat
yourI/Oandcapacityrequirementsarereallygoingtobe,thinkaboutyourdata
recoveryneedsandservice-levelagreements(SLAs),andthendecidewhatstorage
configurationwillmeetthoseneedsforyouinafashionyoucanafford.Thereareno
magicbullets.TakealookattheExchangeServerRoleRequirementsCalculator,
whichprovidesgoodvalueforsizingforyourExchangeenvironment,including
storage.Seehttps://gallery.technet.microsoft.com/office/Exchange-2013-Server-Role-
f8a61780formoreinformation.
Ineverycase,theRAIDcontrolleryouuse—thepieceofhardware,plusdrivers,that
aggregatestheindividualdiskvolumesforyouintoasinglepseudo-devicethatis
presentedtoWindows—playsakeyrole.Youcan'tjusttakeacollectionofdisks,toss
themintoslotsinyourserver,andgototownwithRAID.Youneedtoinstallextra
driversandmanagementsoftware,youneedtotakeextrastepstoconfigureyour
arraysbeforeyoucanevenusetheminWindows,andyoumayevenneedtoupdate
yourdisaster-recoveryprocedurestoensurethatyoucanalwaysrecoverdatafrom
drivesinaRAIDarray.Generally,you'llneedtotestwhetheryoucanmovedrivesin
onearraybetweentwocontrollers,eventhosefromthesamemanufacturer;notall
controllerssupportalloptions.AfteryourserverhasmelteddownandyourSLAisfast
approachingisnotagoodtimetofindoutthatyouneededtohaveasparecontroller
onhand.
IfyouchoosetheDASroute(whetherJBODorRAID),you'llneedtothinkabouthow
you'regoingtohousethephysicaldisks.Modernservercasesdon'tleavealotofextra
roomfordisks;thisisespeciallytrueofrack-mountedsystems.Usually,thismeans
you'llneedsomesortofexternalenclosurethathooksbackintoaphysicalbuson
yourserver,suchasSASoreSATAdisks.Makesuretogivetheseenclosuressuitable
powerandcooling;harddrivespullalotofpowerandreturnitalleventuallyasheat.
Alsomakesurethatyourdrivebackplanes(thephysicalconnectionpoints)and
enclosuressupporthot-swapcapability,whereyoucaneasilypullthedriveand
replaceitwithoutpoweringthesystemdown.Keepacoupleofsparedrivesanddrive
sledsonhand,too.Manyenclosuressupporthotspares,whicharedisksthatare
installedintheenclosurebutarenotactiveuntilanotherdrivefails.Youdon'twantto
havetoscheduleanoutageofyourExchangeserverinordertoreplaceafaileddrivein
aRAID5array,lettingallyourusersenjoytheperformancehitofathrashingRAID
volumebecausethearrayisindegradedmodeuntilthereplacementdrivesarrive.
RAIDControllersAreNotAllCreatedEqual
Beware!NotallkindsofRAIDarecreatedequal.Beforeyouspendalotoftime
tryingtofigureoutwhichconfigurationtochoose,firstthinkaboutyourRAID
controller.Therearethreekindsofthem,andunlikeRAIDconfigurations,it's
prettyeasytodeterminewhichkindyouneedforExchangeServer:
SoftwareRAIDSoftwareRAIDavoidsthewholeproblemofhavingaRAID
controllerbyperformingallthemagicintheoperatingsystemsoftware.Ifyou
convertyourdisktodynamicvolumes,youcandoRAID0,RAID1,andRAID
5(knownasSimple,Mirror,orParitystoragelayouts)nativelyinWindows
Server2012R2withoutanyextrahardware.However,Microsoftstrongly
recommendsthatyounotdothiswithExchangeServer,andtheExchange
Servercommunityechoesthatrecommendation.Ittakesextramemoryand
processingpower,anditinevitablyslowsyourdisksdownfromwhatyou
couldgetwithasimpleinvestmentingoodhardware.Youwillalsonotbeable
tosupporthigherlevelsofI/Oloadwiththisconfiguration,inourexperience.
BIOSRAIDBIOSRAIDattemptstoprovide“cheap”RAIDbyputtingsome
codeforRAIDintheRAIDchipset,whichisthenplacedeitherdirectlyonthe
motherboard(commoninworkstation-gradeandlow-endserver
configurations)oronaninexpensiveadd-incard.Thedirtylittlesecretisthat
theRAIDchipsetisn'treallydoingtheRAIDoperationsinhardware;againit's
allhappeninginsoftware,thistimeintheassociatedWindowsdriver(which
iswrittenbythevendor)ratherthananofficialWindowssubsystem.Ifyou're
abouttopurchaseaRAIDcontrollercardforapricethatseemstoogoodtobe
true,it'sprobablyoneofthesecards.TheseRAIDcontrollerstendtohave
fewerports,whichlimitstheiroverallutility.AlthoughyoucangetExchange
Servertoworkwiththem,youcandosoonlywithaverylownumberofusers.
Otherwise,you'llquicklyhitthelimitsthesecardshaveandstressyour
storagesystem.Justavoidthem;thetimeyousavewillmorethanmakeupfor
theup-frontpricesavings.
HardwareRAIDThisistheonlykindofRAIDyoushouldevenbethinking
aboutforyourExchangeservers.Thismeansgood-quality,high-endcardsthat
comefromreputablemanufacturersthathavetakenthetimetogetthe
productontheWindowsHardwareCompatibilityList(HCL).Thesecardsdoa
lotoftheworkforyoursystem,removingtheCPUoverheadofparity
calculationsfromthemainprocessors,andtheyarewortheverypennyyou
payforthem.Betteryet,they'llbeabletohandletheloadyourExchange
serversandusersthrowatthem.
Ifyoucan'ttellwhetheragivencontrolleryou'reeyeingisBIOSortruehardware
RAID,gethelp.LotsofforumsandwebsitesontheInternetwillhelpyousortout
whichhardwaretogetandwhichtoavoid.Whileyou'reatit,springafewextra
bucksforgood,reliabledisks.Wecannotstressenoughtheimportanceofnot
cuttingcornersonyourExchangeServerstoragesystem;althoughExchange
Server2016givesyoualotmoreroomfordesigningstorageandbringsback
optionsyoumaynothavehadbefore,youstillneedtobuythebestcomponents
thatyoucantomakeupthedesignedstoragesystem.Thetimeandlong-term
costsyousavewillbeyourown.
StorageAreaNetworks
InitialSANsolutionsusedfiber-opticconnectionstoprovidethenecessarybandwidth
forstorageoperations.Asaresult,thesesystemswereincrediblyexpensiveandwere
usedonlybyorganizationswithdeeppockets.TheadventofGigabitEthernetover
copperandnewstoragebustechnologies,suchasSATAandSAS,hasmovedthecost
ofSANsdownintotherealmwheremidsizedcompaniescannowaffordboththe
stickerpriceandtheresourcetrainingtobecomecompetentwiththesenew
technologies.
Overtime,manyvendorshavebeguntoofferSANsolutionsthatareaffordableeven
forsmallcompanies.Themainreasonthey'vebeenabletodosoistheiSCSIprotocol:
block-basedfileaccessroutedoverTCP/IPconnections.AddiSCSIwithubiquitous
GigabitEthernethardware,andSANdeploymentshavebecomealotmorecommon.
Clusteringandhigh-availabilityconcernsaretheotherfactorsinthegrowthof
ExchangeServer/SANdeployments.ExchangeServer2003supportedclustered
configurationsbutrequiredtheclusternodestohaveasharedstoragesolution.Asa
result,anyorganizationthatwantedtodeployanExchangeServerclusterneeded
somesortofSANsolution(apartfromthehandfulofpeoplewhostuckwithshared
SCSIconfigurations).ASANhasacertainelegancetoit;yousimplycreateavirtual
sliceofdrivespaceforExchangeServer(calledaLUN,orlogicalunitnumber),use
FibreChanneloriSCSI(andcorrespondingdrivers)topresentittotheExchange
server,andawayyougo.EvenwithExchangeServer2007—whichwasreengineered
withaneyetowardmakingDASasupportablechoiceforExchangeServerstoragein
specificCCRandSCRconfigurations—manyorganizationsstillfoundthatusingaSAN
forExchangeServerstoragewasthebestanswerfortheirvariousbusiness
requirements.Bythistime,managementhadseenthebenefitsofcentralizedstorage
managementandwantedtoensurethatExchangeServerdeploymentswerepartof
thebigplan.
However,SANsolutionsdon'tfixallproblems,evenwith(usuallybecauseof)their
pricetag.Often,SANsmakeyourenvironmentevenmorecomplexanddifficultto
support.BecauseSANscostsomuch,thereisoftenastrongdrivetousetheSANfor
allstorageandmakefulluseofeverylastfreeblockofspace.Thecostpergigabyteof
storageforaSANcanbebetween3and10timesasexpensiveasDASdisks.
Unfortunately,ExchangeServer'sI/Ocharacteristicsareverydifferentthanthoseof
justaboutanyotherapplication,andfewdedicatedSANadministratorsreallyknow
howtoproperlyallocatediskspaceforExchangeServer:
SANadministratorsdonotusuallyunderstandthattotaldiskspaceisonlyone
componentofExchangeServerperformance.Forday-to-dayoperations,itisfar
moreimportanttoensureenoughperformance.Traditionally,thisisdeliveredby
usinglotsofphysicaldisks(commonlyreferredtoas“spindles”)toincreasethe
amountofsimultaneousread/writeoperationssupported.Itisimportanttomake
suretheSANsolutionprovidesenoughperformance,notjustfreediskspace,or
ExchangeServerwillcrawl.
EvenifyoucanconvincethemtoconfigureLUNsspreadacrossenoughdisks,SAN
administratorsimmediatelywanttoreclaimthatwastedspace.Asaresult,youend
upsharingthesamespindlesbetweenExchangeServerandsomeotherapplication
withitsownperformancecurve,andthensuddenlyyouhaveextremelynoticeable
buthard-to-diagnoseperformanceissueswithyourExchangeservers.Shared
spindleswillcraterExchangeServerperformance.
AlthoughsomeSANvendorshaveputalotoftimeandeffortintounderstanding
ExchangeServeranditsI/Oneedssothattheirsalespeopleandcertified
consultantscanhelpyoudeployExchangeServerontheirproductsproperly,not
everyonedoesthesame.Manyvendorswillshrugoffperformanceconcernsby
tellingyouabouttheirextensivewritecachingandhowgoodwritecachingwill
smoothoutanyperformanceissues.Theirargumentistrue—uptoapoint.Acache
canhelpisolateExchangeServerfromtheeffectsoftransientI/Oevents,butit
won'thelpyoucomeMondaymorningwhenallyourusersarelogginginandthe
SQLServerdatabasesthatshareyourspindlesarechurningthroughextra
operations.
Themoralofthestoryissimple:don'tbelievethatyouneedtohaveaSAN.Thisis
especiallytruewithExchangeServer2016;therehavebeenalotofunder-the-hood
changestothemailboxdatabasestoragetoensurethatmorecompaniescandeploya
7200RPMSATAJBODconfigurationandbeabletogetgoodperformanceand
reliabilityfromthatsystem,especiallywhenyouareusingdatabaseavailabilitygroups
andmultiplecopiesofyourdata.
IfyoudofindthataSANprovidesthebestvalueforyourorganization,getthebest
oneyoucanafford.MakesurethatyourvendorsknowExchangeServerstorageinside
andout;ifpossible,getthemtoputyouincontactwiththeiron-staffExchangeServer
specialists.HavethemworkwithyourSANadministratorstocomeupwithastorage
configurationthatmeetsyourrealExchangeServerneeds.
We'llgointomoredetailsaboutExchangeServerstorageinChapter19,“Creatingand
ManagingMailboxDatabases.”
ComplianceandGovernance
Quitesimply,today'slegalsystemconsidersemailtobeanofficialformofbusiness
communicationjustlikewrittenmemos.Thismeansthatanytypeoflegal
requirementorlegalactionagainstyourorganization(regardingbusinessrecords)
willundoubtedlyincludeemail.Unlessyouworkinaspecificverticalmarket,suchas
healthcareorfinance,theemergenceofcomplianceandgovernanceastopicsof
importtothemessagingadministratorisarelativelyrecentevent.Thedifference
betweencomplianceandgovernancecanbesummarizedsimply:
Governanceistheprocessofdefiningandenforcingpolicies,whilecomplianceis
theprocessofensuringthatyoumeetexternalrequirements.
However,bothofthesegoalssharealotofcommonground:
Theyrequirethoroughplanningtoimplement,basedonadetailedunderstanding
ofwhatbehaviorsareallowed,required,orforbidden.
Thoughtheyrequiretechnicalcontrolstoensureimplementation,theyareatheart
aboutpeopleandprocesses.
Theyrequireeffectivemonitoringinordertoaudittheeffectivenessofthe
complianceandgovernancemeasures.
Inshort,theyrequireallthesamethingsyouneedinordertoeffectivelymanageyour
messagingdata.Asaresult,there'sausefulframeworkyoucanusetoevaluateyour
complianceandgovernanceneeds:Discovery,Compliance,Archival,andRetention,
alsoknownastheDCARframework.
DCARrecognizesfourkeypillarsofactivity,eachhistoricallyviewedasaseparatetask
formessagingadministrators.However,allfourpillarsinvolvethesamemechanisms,
people,andpolicies;allfourinfactareoverlappingfacetsofmessagingdata
management.Thesefourpillarsaredescribedinthefollowinglist:
DiscoveryFindingmessagesinthesystemquicklyandaccurately,whetherfor
litigation,auditing,orotherneeds.Therearegenerallytwosilosofdiscovery:
personaldiscovery,allowinguserstofindandmonitorthemessagestheysendand
receive,andorganizationaldiscovery,whichencompassesthetraditional
litigationorauditingactivitiesmostmessagingadministratorsthinkabout.It
requiresthefollowing:
Goodstoragedesigntohandletheadditionaloverheadofdiscoveryactions
Theaccurateandthoroughindexingofallmessagingdatathatentersthe
ExchangeServerorganizationthroughanymeans
Controlovertheabilityofuserstomovedataintoandoutofthemessaging
systemthroughmechanismssuchaspersonalfolders(PSTs)
Controloftheuser'sabilitytodeletedatathatmayberequiredbylitigation
ComplianceMeetingalllegal,regulatory,andgovernancerequirements,whether
derivedfromexternalorinternaldrivers.Althoughmanyofthetechnologiesused
forcompliancealsolooksimilartothoseusedbyindividualusersformailbox
management,compliancehappensmoreattheorganizationlevel(evenifnotall
populationswithintheorganizationaresubjecttothesameregimes).Itrequires
thefollowing:
Clearguidanceonwhichbehaviorsareallowed,required,orprohibited,aswell
asacleardescriptionofwhichwillbeenforcedthroughtechnicalmeans
Themeanstoenforcerequiredbehavior,preventdisallowedbehavior,andaudit
forthesuccessorfailureofthesemeans
TheabilitytocontrolandviewallmessagingdatathatenterstheExchange
Serverorganizationthroughanymeans
ArchivalTheabilitytopreservethemessagingdatathatwillberequiredfor
futureoperations,includinggovernancetasks.Likediscovery,archivalhappenson
twobroadlevels:theuserarchiveisapersonalsolutionthatallowsindividual
userstoretainandreusehistoricalpersonalmessagingdatarelevanttotheirjob
function,whilethebusinessarchiveisaimedatprovidingimmutableorganization-
widebenefitssuchasstoragereduction,eDiscovery,andknowledgeretention.It
requiresthefollowing:
Clearguidanceonwhichdatamustbepreservedandacleardescriptionof
proceduralandtechnicalmeasuresthatwillbeusedtoenforcearchival
Theaccurateandthoroughindexingofallmessagingdatathatentersthe
ExchangeServerorganizationthroughanymeans
Controlovertheabilityofuserstomovedataintoandoutofthemessaging
systemthroughmechanismssuchaspersonalfolders
RetentionTheabilitytoidentifydatathatcanbesafelyremovedwithoutadverse
impact(whetherimmediateordelayed)onthebusiness.Althoughmanyretention
mechanismsaredefinedandmaintainedcentrallyintheorganization,itisnot
uncommonformanyimplementationstoeitherdependonvoluntaryuseractivity
forcomplianceorallowuserstoeasilydefinestricterorlooserretentionpolicies
fortheirowndata.Itrequiresthefollowing:
Clearguidanceonwhichdataissafetoremoveandacleardescriptionofthe
timeframesandtechnicalmeasuresthatwillbeusedtoenforceremoval
TheaccurateidentificationofallmessagingdatathatenterstheExchange
Serverorganizationthroughanymeans
Controlovertheabilityofuserstomovedataintoandoutofthemessaging
systemthroughmechanisms,suchaspersonalfolders
Ifmanyoftheserequirementslookthesame,good;thatemphasizesthatthese
activitiesareallmerelydifferentpartsofthesameoverallgoal.Youshouldbe
realizingthattheseactivitiesarenotthingsyoudowithyourmessagingsystemso
muchastheyareactivitiesthatyouperformwhilemanagingyourmessagingsystem.
Thedistinctionissubtlebutimportant;knowingyourrequirementshelpsmakethe
differencebetweendesigninganddeployingasystemthatcanbeeasilyadaptedto
meetyourneedsandonethatyouwillconstantlyhavetofight.Someofthese
activitieswillrequiretheadditionofthird-partysolutions,evenforExchangeServer
2016,whichincludesmoreDCARfunctionalityoutoftheboxthananyotherprevious
versionofExchangeServer.
Whatmakesthisspaceinterestingisthatmanyofthesefunctionsarebeingfilledbya
varietyofsolutions,includingbothon-premisesandhostedsolutions,oftenata
competitiveprice.AlsointerestingisthetensionbetweenMicrosoft'sviewofhowto
managemessagingdataintheExchangeServerorganizationversusthedefinedneeds
ofmanyorganizationstocontrolinformationacrossmultipleapplications.Morethan
ever,nosolutionwillbeone-size-fits-all;beforeacceptinganyvendor'sassurancethat
theirproductwillmeetyourneeds,firstmakesurethatyouunderstandtheprecise
problemsyou'retryingtosolve(insteadofjustthesetoftechnologybuzzwordsthat
youmayhavebeentoldwillbeyourmagicbullet)andknowhowtheirfunctionality
willaddresstherealneeds.
WhereJournalingFitsintoDCAR
InourdiscussionofDCAR,wedeliberatelyleftoutacommonkeywordthatyou
inevitablyhearabout.Journalingisacommontechnologythatgetsmentioned
whenevercompliance,archival,anddiscoveryarediscussed.However,itoften
getsover-discussed.Journalingisnottheendgoal;it'ssimplyamechanismfor
gettingdataoutofExchangeServerintosomeothersystemthatprovidesthe
specificfunctionthatyoureallywantorneed.
Verysimply,journalingallowsExchangeServeradministratorstodesignatea
subsetofmessagingdatathatwillautomaticallybeduplicatedintoajournal
reportandsenttoathirdparty—anothermailboxintheExchangeServer
organization,astand-alonesystemintheorganization,orevenanexternal
recipient,suchasahostedarchivalservice.Thejournalreportincludesnotonly
theexact,unalteredtextoftheoriginalmessagebutalsoadditionaldetailsthat
thesendersandrecipientsmaynotknow,suchasanyBCCrecipients,thespecific
SMTPenvelopeinformationused,orthefullmembershiplistandrecipient
distributionlists(astheyexistedatthetimeofmessagereceipt).Thesereports
arecommonlyusedforoneoftwopurposes:tocapturedataintosomeother
systemforarchivalortoprovideahistoricalrecordforcompliancepurposes.
Wedon'tknowasingleExchangeServeradministratorwhohasevercomeupto
usandsaid,“Iwanttojournalmydata.”Instead,theysay,“Ineedtoarchivemy
dataandIhavetousejournalingtogetittomyarchivalsolution.”Journaling
isn'ttheendgoal;it'sthemeanstotheend.Ifjournalingisapotentialconcernfor
you,youshouldstopandaskyourselfwhy:
WhatinformationamItryingtojournal?
WhatdoIwantthejournaledinformationfor?
Perhapsmostimportant,whatamIgoingtodowiththejournaled
information?
Understandingwhyyouneedjournalingwillgiveyouthebackgroundyouneedto
effectivelydesignyourExchangeServerorganization,journalingrequirements,
andappropriateadd-onapplicationsandhostedsolutions.Itwillalsohelpyou
identifywhenjournalingmaynotbetheansweryouneedtosolvetheparticular
businessproblemsyou'refacing.
Youshouldalsounderstandtheimpactthatjournalingwillhaveonyoursystem,
aswellasknowwhatlimitationsjournalinghas.Therearecertaintypesofdata
thatnevergetjournaled,andifyouneedthatdata,you'llhavetoataminimum
supplementyoursolutionwithsomethingthatcapturesthatdata.
WewilldiscussExchangeServer2016'sjournalingandarchivingfeaturesin
greaterdetailinChapter23,“ManagingTransport,DataLossPrevention,and
JournalingRules.”Fornow,justbeawarethattheyaremerelytoolsthathelpyou
solvesomeotherproblem.
TheBottomLine
Distinguishbetweenavailability,backupandrecovery,anddisaster
recovery.WhenitcomestokeepingyourExchangeServer2016deployment
healthy,youhavealotofoptionsprovidedoutofthebox.Knowingwhich
problemstheysolveiscriticaltodeployingthemcorrectly.
MasterItYouhavebeenaskedtoselectabackuptypethatwillbackupall
dataonceperweekbutonadailybasiswillensurethattheserverdoesnotrun
outoftransactionlogdiskspace.
Determinethebestoptionfordisasterrecovery.Whencreatingyour
disaster-recoveryplansforExchangeServer2016,youhaveavarietyofoptionsto
choosefrom.ExchangeServer2016furtherenhancesthebuilt-incapabilitiesto
providedisasterrecovery.
MasterItWhatarethedifferenttypesofdisasterrecovery?
Distinguishbetweenthedifferenttypesofavailabilitymeantbytheterm
highavailability.Thetermhighavailabilitymeansdifferentthingstodifferent
people.WhenyoudesignanddeployyourExchangeServer2016solution,you
needtobeconfidentthateveryoneisdesigningforthesamegoals.
MasterItWhatfourtypesofavailabilityarethere?
Implementthefourpillarsofcomplianceandgovernanceactivities.
EnsuringthatyourExchangeServer2016organizationmeetsyourregular
operationalneedsmeansthinkingaboutthetopicsofcomplianceandgovernance
withinyourorganization.
MasterItWhatarethefourpillarsofcomplianceandgovernanceasappliedto
amessagingsystem?
Chapter4
VirtualizingExchangeServer2016
Virtualizationstartedasatechniqueformakingbetteruseofmainframecomputer
resources,butinthemid-2000s,itmadethejumptoserversinthedatacenter.While
someorganizationsdabbledwithvirtualizingExchangeServer2003and2007,
ExchangeServervirtualizationmaturedwithExchangeServer2010andExchange
Server2013.Inthischapter,wewilldiscussvirtualizingMicrosoftExchangeServer
2016.
INTHISCHAPTER,YOUWILLLEARNTO:
Evaluatethepossiblevirtualizationimpacts
EvaluatetheexistingExchangeenvironment
Determinerolesandscenariostovirtualize
VirtualizationOverview
Itisimportanttobeclearaboutwhatkindofvirtualizationisunderdiscussion.The
moderndatacenteroffersanumberofvirtualizationstrategiesandtechnologies:
platformvirtualization,storagevirtualization,networkvirtualization,anddesktop
virtualization.AlthoughallofthesecanaffectanExchangedeployment,Exchange
virtualizationusuallyreferstoplatformvirtualization,alsoknownashardwareor
hostvirtualization.Platformvirtualizationgivesyoutheabilitytocreatemultiple
independentinstancesofoperatingsystemsonasinglephysicalserver.Thesevirtual
instancesaretreatedasseparateserversbytheoperatingsystembutareassigned
physicalresourcesfromthehostsystem.Theadministratorconfigurestherequired
amountofphysicalresourcesforeachvirtualmachine.Herearesomeofthe
resourcesyoucanmanageandpresenttoyourvirtualmachines:
CPUsocketsandcores
RAM
Storageinterfaces
Numberandtypeofharddrives
Networkinterfacecards
Platformvirtualizationisoneofthekeytechnologiesinthecurrentdatacentertrends
toreducepowerandcoolingcosts,anddeployprivatecloudimplementations.There
areseveraltypesofplatformvirtualization,butthetypeusedforExchangeis
hardware-assistedvirtualization,whichusesahypervisortomanagethephysical
hostresourceswhileminimizingtheoverheadofthevirtualizationsolution.
Dependingonthesolutionused,thehypervisorcaneitherbeafullserveroperating
systemorastripped-downminimalistkernel.Hypervisorsdonotprovideemulation;
theguestvirtualmachinesprovidethesameprocessorarchitectureasthehostserver
does.Modernhypervisorsrelyonspecificinstructionsetsinthehardwareprocessors
designedtoincreaseperformanceforvirtualmachineswhiledecreasinghypervisor
overhead.
Therearecompellingreasonstoconsidervirtualizationforyourinfrastructure,
althoughnotallsituationsorapplicationslendthemselvesequallytoapositive
virtualizationexperience.Someofthesereasonswillbecoveredabitlaterinthe
chapter.Youmayevenencounterbothpositiveandnegativeexperiences.
Technologycontinuestoevolve,andwehaveseengreatstridestakeninthe
virtualizationworldoverthepastfewyears.Althoughtherearemultiplevendorsin
thevirtualizationgame,VMwareandMicrosoftareatthetopofthepilefor
virtualizingExchange.Thesesolutionsprovidethemostrigorousanddetailed
guidanceforsuccessfullydeployingExchangeontheirvirtualizationsolutions.Figure
4.1givesavirtualizationoverview.
Figure4.1Alookatvirtualization
Terminology
Table4.1containstermsyouneedtobefamiliarwithasyoumovethroughthis
chapterandthevirtualizationworld.
Table4.1VirtualizationTerms
Term Definition
Virtualization
host,Host,
Root,Parent
Thephysicalserverthatisrunningthevirtualizationproduct.Thisis
thecomputerthatissharingitsphysicalresourcestoitsvirtual
machines.
Guest,virtual
machine
VirtualmachinerunningasupportedOSandusingtheresources
providedbythevirtualizationhost.
Database
availability
group(DAG)
AgroupofMailboxserversthathostasetofdatabasesandprovide
automaticdatabase-levelrecoveryfromfailures.
Pass-through
disk,Raw
diskmapping
(RDM)
Virtualharddisksthataredirectlylinkedtounformattedvolumeson
thehostserver,whetheronlocaldisksorsomesortofstoragearray.
Thesedisksholdtheoperatingsystem,applications,andotherdatafor
thevirtualmachine.
Virtualhard
disk(VHD)
Virtualharddisksthatarestoredasfilesonaformattedvolumeonthe
hostserver,whetheronlocaldisksorsomesortofstoragearray.These
disksholdtheoperatingsystem,applications,andotherdataforthe
virtualmachine.Filescanusethe.vhdformatorthenewer.vhdx
format.
FixedVHD AVHDwhoseunderlyingfileonthehoststorageoccupiesits
maximumsize.Forexample,a100GBfixeddiskwithonly25GBused
intheguestwillstilluse100GBonthehoststorage.
Dynamic
VHD
AVHDwhoseunderlyingfileonhoststorageoccupiesonlythe
amountofspaceusedintheguest.Forexample,a100GBdynamic
VHDthatisonly25percentusedintheguestwilluseonly25GBon
thehoststorage.Thereisaperformancehitasthediskgrows,and
dynamicVHDscanbeextremelyfragmentedevenwhenthelogical
structureinsidethediskseemstobedefragmented.
Differencing
VHD
Amultiple-partVHD,witharead-onlyfixedordynamicVHDasthe
baselineandasecondVHDforallwrites.Neworupdateddiskblocks
arewrittentothedifferencingVHD,nottothebaselineVHD.Any
changescanberolledbacktoapreviousstate,andabaselineVHDcan
beusedwithmanydifferentdifferencingVHDs.Thesediskshave
significantperformancepenalties,fortheincreasedlevelofI/O
abstractionandCPU,aswellasforthefragmentationinthe
differencingVHDfile.
UnderstandingVirtualizedExchange
ExchangeServer2003wasthefirstversionofExchangethatMicrosoftofficially
supportedundervirtualization,althoughthatsupportcamelateintheproduct's
lifetime.AlthoughcustomershadbeenvirtualizingExchangeunderVMwareproducts
foryears,Microsoft'sofficialsupportpermittedExchangeServer2003toberunonly
underMicrosoft'sownVirtualServerproduct.
In2008,MicrosoftannouncedtheirnewServerVirtualizationValidationProgram
(SVVP).Thisprogramprovidesacentralmechanismforon-premisesandhosted
virtualizationproviderstogettheirsolutionsvalidatedinspecificconfigurations.The
SVVPallowsWindowscustomerstogetofficialMicrosoftsupportforvirtualized
WindowsserversandapplicationsthatarerunningonSVVP-certifiedvirtualization
configurations.Laterthesameyear,Microsoftreleasedtheirvirtualizationsupport
statementforExchangeServer2007SP1andlaterversions,buildingoffofthe
baselineprovidedbytheSVVP.ThismovedExchangeintothemainstreamfor
applicationsthatcouldtakeadvantageofthebenefitsofvirtualization.
Microsoft'ssupportguidelinesforvirtualizingExchangeServer2007andExchange
Server2010haveundergonemanychanges.UnderthetermsoftheSVVP,Windows
Server2008SP2andWindowsServer2008R2weretheonlyoperatingsystems
supportedforvirtualExchangeServer2007and2010deployments.Initially,the
UnifiedMessagingrolewasnotsupportedundervirtualization,butanupdatedmedia
componentwasintroducedinExchangeServer2010SP1.Atthesametime,Microsoft
relaxedsomeoftheirrestrictionsontheuseofhypervisoravailabilityfeatureswith
Exchange.Now,withExchangeServer2013andExchangeServer2016,alotofthe
guidanceforpreviousversionsnolongerappliesbecauseofthechangesinservice
architecture.Now,besidesusingHyper-VasthehypervisorforvirtualizingExchange
Server,youcanalsouseVMware'shypervisorsorCitrixXenServerbecausethey
adheretotheSVVP.ThisexpandedsupportofExchangeServerevenextendstothe
cloudwithMicrosoftAzure.YoucanvirtualizeExchangeServer2016inMicrosoft
Azure.
ThesupportforExchangeisaconstantlyevolvingstory,especiallyafterCumulative
Updatepacksarereleased.Whenindoubt,visithttp://technet.microsoft.com/en-
us/library/jj619301.aspxtoviewthelatestversionofMicrosoft'sguidelinesand
recommendationsforvirtualizingExchangeServer2016.Thevirtualizedinstancesof
ExchangemuststillmeettheExchangeprerequisites.
MicrosoftRequirementsandRecommendations
Makesureyouhavereadandarefamiliarwiththe“Exchange2016Virtualization”
articleat:
http://technet.microsoft.com/en-us/library/jj619301.aspx
Thefollowinghypervisortechnologiesareunsupportedforuseinyourproduction
ExchangeServer2016servers:
TheuseofhypervisorsorhostingplatformsthatarenotontheSVVP
Theuseoffile-levelprotocols(NetworkFileSystemorServerMessageBlock
NFSorSMB)forstoragepoolsusedforExchangeVHDsorpartitions
DeployingonAzurevirtualmachinesthatusestorageotherthanAzure
PremiumStorage
HypervisorsnapshotsoftheExchangevirtualmachines
DifferencingVHDs
Host-basedclusteringandmigrationtechnologiesthatrelyonsaving
Exchangevirtualmachinememorystatetodiskfiles
Virtual-to-logicalprocessorratiosgreaterthan2:1
Dynamicmemoryorovercommittingofmemory
Anyapplicationsotherthanmanagementsoftwarerunningonthehypervisor
host
ThereisoneexcitingchangeintheserequirementsinvolvingtheSMB3.0
protocol,whichisnewinWindowsServer2012andothermodernstorage
solutionsthatlicensethisprotocol.UnderSMB3.0(andSMB3.0only),youcan
configureyourhypervisorenvironmenttomountSMB3.0filesharesandstore
fixed-lengthvirtualharddrivefilesonthosemounts;thesevirtualharddrivescan
thenbeusedtostoreExchangedata.Inthisconfiguration,thenewfeaturesof
SMB3.0helpensurethatthespecifictypeandorderofExchangedatawritesare
preservedallthewaytothephysicaldisks,removingthetypicalriskofdataloss
orcorruptionthatispresentwhenusingotherfile-basedprotocols.
ThischangehelpssimplifystoragerequirementsforvirtualExchangeServer
deployments,butonlyifallofthefollowingconditionsaremet:
Boththeclient(thehypervisor)andthestoragesolution(SAN,Windows
Server2012server,orotherdevice)supporttheSMB3.0protocolandare
configuredtouseit.
Neithertheclientnorthestoragesolutionisconfiguredtofallbacktoan
earlierversionofSMB.
TheSMB3.0fileshareismountedbythehypervisorsystemsandnotdirectly
bytheExchangeserver.
TheExchangedataisstoredonfixed-length(full-size)virtualharddrivefiles
ontheSMB3.0mount.
UnderstandingYourExchangeEnvironment
BeforevirtualizingyourExchangeenvironment,youmustdefineyourcurrent
environment.Thebetteryouunderstandyourenvironment,themorepreparedyou
willbetodefinethevirtualizedenvironment.Hereissomeoftheinformationyou
needtogather:
Numberofusers
Userprofiles
Numberofmessagessent/receivedperday,peruser
ServerCPUutilization
Servermemoryutilization
Servernetworkutilization
Databasesizes
Storagepatterns
Storagetype
Currenthigh-availabilitymodel
Concurrentlyconnectedusers
Numberandtypesofclientsaccessingthesystem
Exchangeconnectors
Administrationmodel
Asyougatherthisinformation,youwillbepaintingapictureofyourExchange
environment.Thisinformationwillbeplacedintovariouscalculationsthroughoutthe
processtoensurethatyouhavedoneacompleteevaluationbeforemovingforward
withvirtualization.ThisinformationwillhaveasignificantimpactontheExchange
systemmovingforward.
Eachbitoftheinformationyougatherwilladdanotherpiecetothepuzzle.Asyouput
thepuzzletogether,youwillhaveagoodideawhethervirtualizationwillmeetyour
needs.Youalsowillbeabletovalidatewhetheryouwillgettheperformancefromthe
virtualizedenvironmentthatyourusersrequire.Laterinthebook,welookmore
closelyatsizingandhowtheExchangeRoleRequirementsCalculatorcanbeatoolto
help.
EffectsofVirtualization
Thepopularityofvirtualizationinthedatacenterisduetothemanybenefitsitbrings,
bothtangibleandintangible.However,notallapplicationsarecreatedequal.While
virtualizingExchangeServeristechnicallypossible,thereareanumberofadditional
impactsandissuesthatyoushouldconsider.
EnvironmentalImpact
Formostorganizations,theenvironmentalimpactisoneofthemajordrivingfactors
behindvirtualizationinitiatives.Theconceptissimple:reducethenumberofservers
andreducetheamountofpower.Activeserversconsumeelectricityandconvertitto
heat,indirectlyconsumingmoreelectricityintheformofcoolingsystems.
Consolidatingunderutilizedserversandreplacingolderserverswithless-efficient
hardwarecanresultinasignificantamountofsavedpower.Thisnumberisa
completelyfluidnumberandisdependentontheenvironmentthatyouwantto
virtualize.Anorganizationwith100serverswillseeamuchdifferentimpactthana
companywithonly15servers.However,anorganizationwith100lightlyloaded
serverswilllikewiseseeamuchdifferentimpactthanacompanywith100heavily
loadedservers.
SpaceImpact
Environmentalimpactisimportant,butserverconsolidationhasanimpactthatmay
notbeasimmediatelyobvious:reducedrackspaceintheserverroomordatacenter.
Notallorganizationswillfeelthisimpact,dependingontheirchoiceofhosthardware.
Organizationsthatpayforserverhostinginaseparatefacilitymayfindthatpaying
attentiontothisareaofimpactcanresultinadditionalcostsavings.Thesesavings
mayincludethefollowingbasiccostsassociatedwithhosting:
Rackmountingspaceforthephysicalservers
Power
Networkconnectivity
Cooling
Theremayalsobeoptionalcostsassociatedwithyourservers,suchasthefollowing:
Monitoringofthehardware
Additionalfirewallcapabilities
Out-of-bandaccesstotheservers
Bydeployingpowerfulphysicalhardwarerunningahypervisorenvironment,youcan
increaseyourphysicalhostingcostsinapredictable,building-blockfashion,build
virtualapplicationserverswithouthavingtovisitthedatacenter,andstillprovidecost
efficiency.Dependingontheworkloadoftheserversbeforeyouvirtualizedthem,you
mayneedtodeploylargerservers,whichmayincreasetheper-servercostforthe
space.Besuretodothemathbeforedecidingthatthisapproachwillsaveyoumoney.
ComplexityImpact
Manysavingsestimatesoverlooktheadditionalcomplexitythatavirtualized
environmentcanbringtothetable.Dependingonthelevelofavailabilityrequired,the
additionalhostserversandnetworkinggearrequiredtoprovideclusteringandspare
capacity—aswellasthehigherclassofhardwaretoprovideredundantcomponents
withinthehostservers—canwhittleawaytheinitialestimatedsavings.
Oncethevirtualserversaredeployed,complexityalmostalwaysstrikesinthe
operationalprocessesandtechnicaloperationalskillsofyourstaff.Havingthe
additionalhypervisorlayersinthenetworking,storage,andserverstackcandriveup
thetimeinvolvedinkeepingvirtualExchangeServer2016serversoperating.The
additionallayersofdependencycanalsobringdowntheexpectedSLAsforthe
Exchangeservicesintheeventofanoutageandlengthenthetimeittakesto
troubleshootproblems.
VirtualExchangedeploymentscanalsobebittenbythecomplexitybugwhenthe
designsdonotadequatelyconsiderfailuredomains.Considertheimpactofafailure
ofahostserverandthecorrespondingvirtualmachines.Consideralsothespecific
hypervisorfeaturesthatcannotbeusedwithExchange,suchasdifferencingdisks,
hypervisorsnapshots,orfile-levelstorage;determinetheimpactontheorganizationif
thosefeaturesareusedwithExchangevirtualmachinesandthereisaproblem.What
featuresofExchange,suchasnativedataprotection,areyougoingtobeunableorless
likelytouseinavirtualdeploymentwithoutoffsettingtheprojectedcostsavings?Are
theseriskshighenoughtooffsetthevalueofvirtualizingExchange?
AdditionalConsiderations
Oneofthewayscompaniesaresavingmoneyisbyvirtualizingunderusedservers.By
doingthis,theyreducethepowerandcoolingfootprintsthatwehavetalkedabout.An
underusedserveristhoughttouselessthan20percentofitsphysicalhardware.If
yourcurrentExchangeenvironmenthasbeensizedproperly,Exchangeserversshould
notfallintotheunderusedcategory.
ThisdoesnotmeanthatyouwillnotbenefitfromvirtualizingExchange;youneedto
doyourresearch.Foragoodbackgroundontheimpactvirtualizationcanhave,check
outthewhitepaper,“ComparingthePowerUtilizationofNativeandVirtualExchange
Environments,”availableathttp://technet.microsoft.com/en-
us/library/dd901773.aspx.ItwaswrittenforExchangeServer2007,butthe
informationisstillapplicable.Thestudyshowsareductionof50percentinpower
utilizationfortheserversusedinthestudy.Thetotalpowerreductionfortheservers
andstoragewasbetween34and37percent,dependingonthestoragesolution.
AreMyExchangeServersUnderutilized?
Withstand-aloneExchangeServer2016servers,theprocesstodetermine
utilizationisrelativelysimple:first,establishabaselineperformancesetby
runningtheWindowsPerformanceMonitor(PerfMon)foratleastaweekusinga
combinationofcommoncountersforprocessor,memory,disk,andnetwork
resources.Oncethisbaselineisestablished,youcanuseittocomparecurrent
performancelevelswhenexperiencingissuestoidentifynotableareasofchange.
Atthetimeofthiswriting,nospecificperformanceguidancehasbeenpublished
forExchangeServer2016,butatsomepointMicrosoftwilllikelyprovidespecific
counterandthresholdguidance.Untilthen,useacombinationofthecountersfor
anExchangeServer2013multiroleservercombinedwithsomecommonsense
andhealthyskepticismtoestablishyourcurrentserverbaseline.Ifanyspecific
counter(otherthanRAM)averagesabove60percentutilizationorhasfrequent
spikesabovethatthreshold,theservermaybeundersizedormisconfigured.
OnepointtokeepinmindisthatDAG-memberMailboxserversinaload-
balancingpoolcan'tbedirectlymeasured.Toensureyouaccuratelymeasurethe
loadontheseservers,takeyourmeasurementswhiletheyarerunningatthe
designedandexpectedmaximumload.IfyourDAGisdesignedtolosetwo
servers,thensimulatethelossoftwoserverstoperformyourbaseline
measurement.
Hypervisorandstoragevendorsusuallygivespecificguidanceforvirtualizing
Exchange.Makesureyouobtain,read,andunderstandthisguidancetoensure
thatyourvirtualExchangedeploymentwillbesuccessfulthroughoutitslife.
VirtualizationRequirements
Justaswithanysoftwareyoudeploy,therearehardwareandsoftwarerequirements
thatyouneedtomeetwhenyouvirtualize.
HardwareRequirements
Forthemodernvirtualizationtechnologies,makesurethatyourhardwaresupports
theproperlevelofvirtualization.Mostofthecurrentmarket-leadingserversdohave
theproperBIOS,motherboard,andCPUsupport,butoldermodelsmaynotsupport
thespecificCPUextensionsortechnologiesrequiredbythehypervisorsyouwillneed
torunExchangeServer2016onWindowsServer2012orWindowsServer2012R2.If
youarebuildingaserverfromscratch,reviewthehardwarerequirementsforthe
hypervisoryouwillbeusingtomakesuretheserveryouarebuildingwillperformthe
wayyouintendittoperform.Alsomakesurethatyoufollowthereferenceprocessor
andmemoryrecommendationsandserverratiosthatarepostedonTechNet.These
guidelinesshouldalwaysbeyourfirststopforplanning,alongwiththeExchange
ServerRoleRequirementsCalculator.
Knowwhichserverswillbevirtualized.Youwillfindthattherearedifferent
pitfallsforthevirtualizationhostthanwhatyounormallyseewithphysical
servers.Becauseyouwillbesharingthevirtualizationhost'sphysicalresources,
makesurethatyouhaveanideawhatserverswillbevirtualizedonthehost,as
wellaswhatsparecapacitythehostwillbeexpectedtohaveandwhatvirtual
machineswillbeaddedtotheworkloadduringmaintenanceoroutage.Thiswill
allowyoutoverifythatyouhaveenoughRAM,processors,andnetwork
connections.Gatherthephysicalrequirementsofeachconfirmedandprovisional
guest.Knowingwhatyourguestvirtualmachineswillneedbeforeyouenterthe
planningstagesforvirtualizationwillputyouinabetterpositionforsuccess.
Planbasedonsystemresources.Nomatterwhatworkloadsorhowmany
serversyouwillbevirtualizing,youneedtoplan.Thevirtualizationhostwill
requireresourcesbeforethevirtualmachinesareevenstarted.Onceyouhave
startedthevirtualmachines,yourresourcescandepleteveryquickly.Makesure
thatyouhaveenoughsystemresourcestogoaroundandthatyouhavesome
breathingroom.
PlanforyourvirtualizationhoststoconsumeaCPUoverheadof9to12percent.
Thiswilldifferfrominstallationtoinstallation,butitisagoodnumbertouse
whensizingyourequipmentandlayingoutyourvirtualmachines.Trytovalidate
yourconfigurationinalab(orbyconfiguringyourproductionhardwareasalab)
beforemovingintoproduction.
Planbasedonstoragerequirements.Knowingwhichworkloadswillbe
virtualizedwillalsoenableyoutoplantheproperstorageforthevirtualmachines.
StorageisamajordesignpointforvirtualizingExchange.ExchangeServer2016
continuesthetrendofI/Oimprovementsthatfavordiskcapacityoverdisk
performance.VirtualExchangeserversmayhaveasignificantamountofI/O
overhead,dependingonthespecificstorageoptionsyouhavechosen;pass-
throughdisksonlocaloriSCSIstoragewillhaveloweroverheadthanVHDs(.vhd
or.vhdx).BeginyourstoragedesignwiththeExchangestoragecalculatorandsize
yourstorageappropriately;thenusethatasinputforthecalculatorsforyour
virtualizationandstoragesolutionstoensurethatyou'remeetingallexpectations.
Makesurethatyouhaveproperlypartitionedyourstorage.Youdon'twanttohave
spindlecontentionbetweenyourvirtualizationhostOSandthestorageforyour
virtualmachineOSorapplicationdata.Forthemajorityofvirtualworkloads,you
shouldhavetheunderlyingstorageinaRAIDconfiguration.ThelevelofRAID
thatyouchooseisuptoyouanddependsontheprojectrequirements.However,
ifyouaretakingtheoptionofusingdirect-attachedstorageonyourvirtualization
hosttoprovidestorageforExchangemailboxdatabasesinaDAGandyouplanto
takeadvantageofExchange-nativedataprotection,youmaynotneedRAID.
WhenyouarecreatingyourvirtualmachineOSVHDs,orlogicalunitnumbers
(LUNs),includeenoughspaceforoperationofthevirtualmachine,including
spaceforupdates,additionalapplications,andthepagefile.Usethefollowing
calculationtodeterminetheminimumVHDsizethatwillbeneededforthe
virtualmachine:
OSrequirement+virtualmachineRAM=minimumOSVHDsize.Fornormal
virtualworkloads,thediskrequirementsshouldincludespaceforthememory
statefile(suchasthe.VSVand.BINfilesusedinHyper-VduringQuickMigration
andVMpauseoperations).However,Microsoft'ssupportguidelinesarevery
emphatic:theuseofdisk-basedmemorystatesisnotsupportedwithvirtual
Exchangeservers.
Planbasedonnetworkingconfiguration.Inadditiontothestorage-capacity
requirements,makesureyouhavetheappropriatebandwidthforallyourvirtual
machinestoaccessyourstoragesubsystem.ExchangeServer2016storageshould
befixedVHDs,pass-through,oriSCSILUNs.Microsoftrecommendsthatyouuse
pass-throughdisksoriSCSILUNstohostthedatabases,transactionlogs,andmail
queues.
Makesureyouhaveplannedyournetworkbandwidth.Youaregoingtobesharing
alimitednumberofphysicalnetworkportsonyourvirtualizationhostwithyour
virtualmachines.Dependingonyourvirtualmachinelayoutandrequirements,
youwillexhaustyourphysicalnetworkportsinshortorder.
Youmayendupneedingtoinstallmultiplequad-portnetworkinterfacecards
(NICs)togettheportdensityrequiredtosupportyourExchangedesign.Keepin
mindthatyoumayneedseveralNICspervirtualmachine.Dependingontherole
oftheserver,theremaybereplicationtrafficaswellasclienttraffic.For
virtualizationhoststhatwillbehostingExchangeMailboxserversinaDAG,the
replicationNICsintheguestsshouldnotbeboundtoeitherofthefollowing
physicalNICtypesinthehost:
AnyhostNICthatconnectstostorage(suchasiSCSISANs)
ThehostNICsboundtotheprimaryguestclientNICs
IfyouuseNICteamingonthehosttoincreasebandwidthorprovideavailability,
ensurethattheteamingvendorsupportstheuseofteamedNICsforvirtualization
ingeneralandguestvirtualnetworksthatwillbeusedwithExchangeServerin
particular.
Consideryourphysicalservertype.Youarenotlockedintoonetypeof
physicalserverforthevirtualizationhost.Youcanuseastandardserver,oryou
maychoosetousebladeservers.Bladeserversrequireabitmoreplanningthan
standardservers.Becauseyouaresharingresourcesbeforeyoustartyour
virtualization,besureyouhavecarvedoutyourdisks,networktraffic,andstorage
trafficadequately.
WhyCan'tIUseNFSorSMB?
OneofthemostcommonlyviolatedsupportguidelinesforvirtualExchange
deploymentsistheprohibitiononfile-levelprotocolsinthestoragestack.For
somehypervisordeployments,suchasVMware,itisverycommontouse
network-attachedstorageorstorageaccessnetworks(NASorSANstorage)using
NFStoprovidethedatastoresusedtoholdvirtualmachinedrivesfiles.Often,the
storagesolutionisentirelydedicatedtotheNFSpartitions,andtheentirevirtual
environmentprovisioningprocessisautomatedaroundbuildingoutthevirtual
machinedisks(VMDKs).It'sefficient,it'srelativelyinexpensive,andmost
importantlyit'salreadyworking.Havingtoreclaimstoragespaceonlytocarveit
outasiSCSILUNsorrawdevicemappings(RDMs)isalotofworkandwill
requireacompleteoverhauloftheassociatedbackuproutines.You'realready
usingVMDKsoverNFSforallyourotherworkloads.Whyisitnecessarytothrow
thisbigwrenchintheworks?
Theanswerissimple:you'reputtingyourdataatriskbylyingtoExchange.
Inordertomaximizeperformanceandkeepyourdatasafe,theExchangestorage
enginehasaveryspecificsequenceofeventsforhowithandleswritestodisk.All
writestothedatabasefirstmustbewrittenouttoatransactionlogfile,andthe
updatestothevariousfilesandblockshavetohappeninaveryspecificsequence
ordatabasecorruptionanddatalossresults.Tomakesurethishappens,
Exchangehastoassumeit'stalkingtotherawdiskblocks;onlybydoingsocanit
ensurethatallthedataandmetadatagetswrittentothediskinthecorrectorder
withinthecorrecttimeframe.Block-levelprotocols(iSCSI,FC,SATA/SAS,etc.)
andpass-throughdiskscanallmakethisguarantee.Evenwhenwritecachingisin
themix(anditshouldbe,usingaproperbatterybacking),thecachingcontroller
istakingontheresponsibilityofensuringthewritesgetcommittedtodisk.
Withfile-levelprotocols,suchasNFSandSMB(beforeSMB3.0whenmounted
bythehypervisorhost),youdon'thavethosesamecommitments.That'snotto
saythattheseprotocolswon'ttrytokeepyourdatasafe,becausetheydo,butthe
waystheydoit—andthefeaturestheyprovide,suchasfilelockingandcaching
anddisconnecttime-outs—areverydifferentthanablock-levelprotocolwould.As
aresult,Exchangeisrelyingononesetofbehaviorsbecauseitthinksit'stalking
toaphysicaldisk,butbyslippingNFSorSMBintothestack,you'vesilently
changedthosebehaviors.Thetranslationsbetweenthetwoworkmostofthe
time,butwhentheydon't,theresultscanbeamazinglydestructive.
Ifyou'regoingtodeployyourExchangeVMsonfile-levelvirtualharddisks,be
smart.Youcanusethesesolutionsforthebaseoperating-systempartition,but
don'tinstallExchangeonthosedrives.Instead,provisionadditionalpass-through
drives,RDMs,orblock-levelLUNsforyourExchangedatabases,logs,and
binaries.KeepyourExchangedataonvolumeswhereithasastraightblock-based
pathallthewaybacktothespindles.Thedata(andjob)yousavewillbeyour
own.
SoftwareRequirements
YoursoftwarerequirementsforthehostOSwilldifferdependingonwhichhypervisor
youhavedecidedtouse.Checkwithyourhypervisorprovidertoensurethatyouhave
alltherequiredsoftwarebeforeyoubegin.TherearedifferencesinthebaseOSsthat
mayprecludeyoufromloadinganyhypervisorwithoutacompletereloadofthe
server.Althoughthisisnotahugedeal,itistime-consuming,andifyoupurchasedan
incorrectversion,itisalsoexpensive.Makesurethatyouknowhowmanyserverswill
bevirtualizedonthehostserversaswell.Thismayhaveanimpactonwhatversionof
theOSyouneedtoinstalltominimizethenumberofguestWindowslicensesyou
needtopurchase.Makecertainthatyouhavecompletedthevirtualmachine
configurationbeforeyoustarttoloadExchange.
Forthevirtualmachine,thesoftwarerequirementsandinstallationare
straightforward.Onceyouhavemadetheinitialconfigurationsforthevirtual
machine,loadtheappropriateWindowsoperatingsystemforthedesignedExchange
roles.Therearenorequirementsfromavirtualizationperspectiveastowhichversion
ofWindowsyouneedtoloadaslongastheversionofhypervisorandWindowsguest
(virtualmachine)arevalidatedontheSVVPlist.TheguestOSwillbedrivenbythe
businessandtechnicalrequirementsfortheapplicationandconfigurationyouwillbe
deploying.Thisiswhereyourrequirements-gatheringwillguideyoutothecorrectOS
andapplicationversions.
InadditiontothenormalrequirementsforExchangeservers,ensurethatthelatest
hypervisorintegrationdriversareloaded.ForMicrosoftHyper-Vguests,theHyper-V
integrationcomponentsarepartofthebaseWindowsOSandservicepacks,although
iftheversionofWindowstheHyper-Vhostsarerunningisnewerthantheversionin
theguests,youmayneedtoinstalltheadditionalHyper-Vintegrationcomponents.
Theotherhypervisorvendorsallhavetheirownintegrationcomponentsorguest
toolkitstoload.
Regardlessofwhichhypervisoryouareusing,itiscriticallyimportanttokeepyour
guestsup-to-dateonthelatestintegrationdrivers.Asyourhostsareupdatedtonewer
versionsandpatchlevels,ensurethatalloftheguestsonthehost(orcluster)are
runningthelatestdriversbeforehostsareupgradedtothenewversion,especiallyif
notallofthevirtualizationhostsintheclusterwillbeupgradedatthesametime.
Exchangecanbeextremelysensitivetomismatchesbetweentheintegrationdrivers
andthehostversion,withcatastrophicimpactstoperformance.
Operations
Operationsincludemanyfactors,suchasthepatchingandmonitoringoftheOSand
application,dailymaintenance,andtroubleshooting.Apopularmisconceptionisthat
youroperatingcostswillmagicallydecreasewhenyoustarttovirtualize,whileyour
uptimeandserviceavailabilitywillfrolicwithunicornsandrainbows.Therealityis
thatwithoutcarefulplanningandthecreationofmatureprocesses,thechancesare
goodthatyourcostswillactuallyincrease,aswillyourdowntime.Thereasonforthis
mismatchbetweenexpectationsandrealityisthataddingvirtualizationbringsmore
tothetablethanjustthetechnology.TohaveasuccessfulvirtualExchange
deployment,youneednotonlytechnologybutalsoprocessesandpersonnel.
Virtualizationtechnologyismature,butmostvirtualizationguidancemakesthe
assumptionthatallapplicationsarethesameintermsofignoranceaboutthe
underlyinghardware.Overtheyears,Microsofthasgonetoalotoftroubletomake
Exchangeasreliableasitcanandtoensurethatifthereisunavoidabledataloss,itis
assmallaspossible.ThefrictionbetweenExchange'sassumptionsaboutthehardware
stackandthewidespreadscalabilitybestpracticesforvirtualenvironmentscancreate
acombinationwhereExchangeislessreliable.
Balancingthevirtualmachines'needsagainstthehost'sresourcesandtheusers'
requirementscanbeadauntingtask.DoingsoforExchangegueststypicallyincreases
thecomplexitybycreatingExchange-specifictechnologychallenges.Thesechallenges
canallbesolvedatthetechnologylevel,butdoingsorequiresadditionalcross-
trainingforyourstaffandspecificexceptionsinyourvirtualizationprocessesand
policies.
ThesizeofyourITorganizationandthenumberandlocationofserverswillaffectthe
costofoperations.Ifyouhaveenoughstafftolearnthevirtualizationtechnology,
theremaynotbeahugeimpacttothebottomline.Ifyoudon'thaveadequatestaff,
youwillmostlikelybelookingforadditionalpersonneltosupportyourvirtualization
efforts.WhenyouvirtualizeyourExchangeservers,youstillhavetotakecareofthe
guestWindowsinstallationandtheExchangeapplicationaswellasthehypervisor
hostsandenvironment.
VirtualExchangeservershave100percentofthedailyoperationalrequirementsthat
physicalExchangeserversdo.Youstillhavetotestandpatchyoursystems.Youstill
havesystemsthatwillexperienceissues,andyouneedtospendtimetroubleshooting.
Ontopofthat,younowhaveaddedthehypervisorlayer.Thislayermayormaynotbe
familiartoyoursupportandengineeringstaff.Youcan'tjustrebootavirtualization
hostbecauseyoufeelthatitisthebestsolutionforasituation.Younowhaveto
expandyourthoughtprocesstoincludetheExchangeserversthatarevirtualizedon
thathostandtakethesefactorsintoconsideration:
WhatExchangeserviceswillbeaffectedbyshuttingdownthishost?
Exchangevirtualmachinesareonthevirtualizationhost,buthowwilltheusersbe
affectedwhentheyareshutdown?
Dotheaffectedserviceshavearedundantnature?
Aretheredundantserviceslocatedonthesamevirtualizationhostoronadifferent
host?(Iftheyareonthesamevirtualizationhost,aretheyreallyredundant?)
DecidingWhentoVirtualize
Decidingtovirtualizeisabigdecision.Itshouldnotbetakenlightly.Beforeyou
embarkontheroadtovirtualizingExchangeServer,youneedtomakesureitisright
foryourorganization.Whileeveryorganizationhasslightlydifferentrequirements
andgoals,thefollowinglistrepresentssomeofthecommonreasonsthat
organizationschoosetovirtualizeExchangeServer:
Savemoney.Whilevirtualizationdoesn'talwayssavemoney(infact,sometimes
itcancostmoremoneythanhavingphysicalservers),itcansavemoneyinmany
environments,especiallyifanorganizationisvirtualizingeverything.Costsavings
areassociatedwithpower,cooling,datacenterspace,andsometimesoperating
systemcosts.
Adheretoyourorganization'scommonITmanagementplatform.Many
organizations,especiallylargeorganizations,haveastandardizedsetofIT
managementplatformsandprocessestosupporttheirenvironment.Muchwork
hasgoneintodevelopingtheplatformsandprocesses.Wheneveratechnology
doesn'tadheretothecommonITmanagementplatform,supportcanbecome
inefficient,expensive,andpronetoerrorsordowntime.Ifyourorganizationhas
virtualizedthevastmajorityofyourservers,itmightmakesensetovirtualize
ExchangeServertotakeadvantageofthatinvestmentininfrastructureandpeople.
Companymandate.Awhileback,wewereworkingwithacompanythathada
mandatefromtheCIO.Thatmandatewastovirtualizeeveryserverinthe
datacenters.Ifyouwantedanexception,youhadtopresentastrongcaseforit—
andwemeanreallystrong.Althoughsuchamandatecouldcomefromcostsor
otherfactors,thereasonoftendoesn'tmatter.Insuchacase,youneedtoprepare
tovirtualize!
Thesearejustafewofthecommonreasonstovirtualize.Therearemanyothers.As
theadministrator,youneedtoweightheoptions,examinetheprosandcons,and
ultimatelydecidewhichroutetotakeforyourorganization.Ifyoudecidetovirtualize,
yournextstepistodecidewhattovirtualize,whichwetalkaboutnext.
DecidingWhattoVirtualize
NomatterhowmanyExchangeserversyouplantovirtualize,youmustdoyour
researchasyouareplanningthearchitectureforyourenvironment.Planyourvirtual
machinesjustasthoughtheywerephysicalservers.Thenincludetheadditional
overheadforthevirtualizationhost.Makesurethatyouarethinkingabouttheend
productthatyouwilldelivertoyourusers.Considerthepossibledifferencesbetween
thephysicalandvirtualizedenvironment.Willyouruserbasebeashappywitha
virtualizedenvironmentifitmeansadecreaseinperformance?Ifyousetthe
expectations,sizetheenvironmentappropriately—andtestappropriately.There
shouldbenonoticeabledifferenceforyourendusers.
Aswithanyarchitecture,thingsthatyoudocanmakepositiveornegativeimpacts.
WithExchangeServer2007,MicrosoftchangedtheExtensibleStorageEngine(ESE)
toallowExchangeServer2007toutilizeasmuchRAMasneededtocacheasmuch
mailboxinformationaspossibletodrivedownreadI/Ooperations.InExchange
Server2007andExchangeServer2010,theExchangeESE—amonolithicInformation
Storeprocessthathandlesallthedatabasesontheserver—usesallavailablephysical
memoryinthesystemforthiscache.Ifyourserverhas16GBofmemory,youcan
expectthatESEwillconsumeroughly14GBofituntilotherprocessesneedthe
resources.Atthatpoint,Exchangewillnotletgoofthatmemorybutwillinsteadallow
theoperatingsystemtoplacememorypagesinthedisk-basedpagefile.With
ExchangeServer2013andExchangeServer2016,theESEspawnsaseparateprocess
foreachmailboxdatabaseontheserver,completelychanginghowmemory
managementworks.
UnderstandinghowthesechangesaffectthebehavioroftheExchangeserverallows
youtoproperlyplananddeployvirtualExchangeservers.Youshouldknow,for
example,thatusingpopulartechniqueslikememoryover-allocationordynamic
memoryallocationwouldbeabadmatchforExchangeservers—andinfact,neitheris
supportedbyMicrosoftforExchange.However,over-allocationofCPUresourcesis
supporteduptoaratiooftwovirtualCPUstoeveryonephysicalCPUcore(although
itisrecommendedtohaveonevirtualCPUforeachCPUcore).Whenlookingat
resourceallocations,don'tforgettoplanforoutagesandensurethathavingtomove
Exchangevirtualmachinesinanemergencywon'tbumptheseallocationsoverthe
recommendednumbers.
WithExchangeServer2013andExchangeServer2016,youcansupportmixingnative
Exchangeandhypervisorhigh-availabilitytechnologies,aslongasyoustaywithinthe
Microsoftsupportboundaries.YoucandeployExchangeDAGsonvirtualclustersand
moveactiveDAGmembersaroundusinghypervisormigrationtechnologies,aslong
asyouavoidusingtechnologiesthatwritethecurrentmemorystateoftheExchange
guesttoadisk-basedfile.Thesetechnologiesarecommonlyusedtoenhance
availabilityandevendisasterrecoveryatthehypervisorlevelwithoutrequiringthe
virtualmachineoperatingsystemorapplicationtoexplicitlysupportthem.These
technologiesincludethefollowing:
Hyper-V'sLiveMigrationandVMware'svMotionbothtransfermemorypagesof
anactivevirtualmachinefromthesourcehosttothetargetusingadirectnetwork
connection.Thesemethods,andotherslikethemonotherSVVP-validated
hypervisors,aresupportedforusewithvirtualExchangemachinesbecausethey
ensurethatthememoryofthetransitionedmachineswon'tgrowoverlystale
comparedwiththeotherDAGmembersorcausethestorecachestogetoutofsync
withtheon-diskdata.BeawarethatmanyorganizationsopttouseExchange
Server'snativehighavailabilityfeaturesinstead.Thisisbecausetherecanbe
occasionalissuesafteralivemigrationorvMotion.
Hyper-V'sQuickMigration,andothertechnologieslikeit,isnotsupported.Quick
Migrationwritesthememorystatetoadisk-basedfile.Thisslowsdownthe
transitionandputsthevirtualmachineatriskofhavingamismatchbetweenthe
machinememoryandthestateoftheotherDAGmembersorthedatabasecache
anddataondisk.
Virtualsnapshotscreateafile-baseddumpofmemory.Ifthemachineisever
rolledbacktothissnapshot,theon-diskdatabasedatawillbeseverelyoutofdate.
Permanentdatalosscouldresult.Usingvirtualsnapshots,androllingback
virtually,guaranteesthatyou'llscrewupyourdatabases—andbecauseMicrosoft
doesn'tsupportvirtualsnapshotsandrollbacks,you'llbeonyourowntocleanup
themess.
Technologiesthatbringupafailedvirtualmachineonanotherhost,suchas
VMware'shighavailability,aresupportedaslongastheybringupthatnew
instancefromacoldboot.Butthinkcarefullyaboutwhetheryoureallywanta
failedExchangeservertocomebackupautomaticallywithouthavingachanceto
analyzewhat'sgoingonwithit.Intheworst-casescenario,youcouldhavean
Exchangeserverbouncingthroughthehostsinyourvirtualcluster,wreaking
havoconthem.
Technologies,suchasVMware'sDistributedResourcesSchedulerandHyper-V's
integrationwiththeSystemCentersuite,havethecapabilitytodynamicallymove
virtualmachinesfromonehosttoanothertoensureresourceutilizationis
balancedorstayswithinthresholds.Thisisagoodcapabilityinprinciple,but
again,forExchangeserversthisfeaturecancreatemoreproblemsthanitsolves.
YoushouldneverallowmultipleDAGmemberstobeactiveonthesamehost;
withoutcarefulmanagement,thesefeaturescanputyourdataatgreaterrisk.
DAGsmakeiteasiertoplanfor,configure,andmaintainbothhighavailabilityand
siteresilienceintheExchangeapplication.BecauseDAGsareapplication-aware,your
serversarealwaysincontrolofanyExchangedata.WheninaDAG,theExchange
serversareinconstantcommunicationaboutthestatusofadatabaseintheDAG;
thereshouldbeminimalimpactifaserverordatabasegoesdownforanyreason.
ManyadministratorsbelievethatnativeExchangetechnologiesprovideamore
effective,highlyavailableExchangeenvironmentcomparedtovirtualizationproviding
highavailabilityand/ordisasterrecovery.
ExchangeRoles
Previousversions(andservicepacks)ofExchangeServerlimitedtherolesyoucould
virtualize.TheselimitationshavebeengonesinceExchangeServer2013;youcan
virtualizeboththeMailboxandEdgeTransportroles.Makesuretofollowcommon-
sensebest-practiceguidelines:
Don'tplacetwoofthesameroleonthesamevirtualizationhost,especially
MailboxserversinaDAG.
Inavirtualcluster,leaveahostortwofreeofExchangeguestssoyouhavethe
freedomtomoveExchangevirtualmachinestorespondtooutagesoremergencies.
Whenplanningcapacity,don'tforgettoaccountfortheimpactoflosingan
Exchangeguest.AMailboxserverthatprovidessufficientfreeheadroomwhenthe
entireDAGisupandrunningmaytipthehostovertoprocessorormemory
overutilizationwhenyoutakeaDAGmemberdownforpatching.
Testing
Aswithanyengineeringeffort,youneedtomakesurethatyouhaveatestingplanfor
thevirtualizedguestsandhost.Yourplanneedstoincludetestingallyourvirtual
machinesatthesametime.Oneoftheworstthingsyoucandoistotestonlyasingle
serveratatime.Instead,testasclosetoreal-worldoperatingconditionsaspossible.
Testtheentiresolutionandnotpiecesofthesolution.Thesolutionshouldinclude
anythird-partyapplicationsthatareintheenvironment,aswell.Anythingthatyou
leaveoutofthetestingcyclecouldcomebacktohauntyouwhenyoumoveto
production.
UsetheMicrosoftExchange–specificvalidationtoolstotestyourconfigurationand
ensurethatyouhaveallthesettingsproperlydialedin.Jetstresswasreleasedfor
ExchangeServer2013andissupportedforExchangeServer2016,anditis
downloadablefromtheMicrosoftdownloadsite.Itisoneofthekeytoolsusedtotest
theperformanceofthedisksubsystembeforeExchangeisinstalledinthevirtual
machines.TheinformationthatJetstressgivesyoushouldlineupwiththe
performancerequirementsyougatheredearlyintheproject.LoadGeneratorfor
ExchangeServer2013,alsoavailableforfreefromMicrosoftDownloads,willsimulate
thedifferentclientconnectionsthatwillbeinyourenvironment.Youwillbeableto
definehowmanysimulatedclientswilluseeachconnectionprotocolandhowmuch
emailtraffictheywillsendandreceive.Whenusingthetestingtools,trytoemulate
theuserbasethatiscurrentlyintheenvironment.IfnoneofyourusersuseOutlook
ontheweb,thendon'tputitinthetestcases.Ifyourorganizationincludesheavy
usersofExchangeActiveSync,makesurethatyouhaveincludedthecorrect
informationtoheavilytestforExchangeActiveSync.Atthetimeofthiswriting,Load
GeneratorhasnotyetbeenupdatedforExchangeServer2016.
Remember:inthevirtualizedenvironment,youshoulddoeverythingyouwould
normallydoinaphysicalenvironment.Don'tfallintothetrapofthinkingthat
becauseitisavirtualizedenvironment,itisadifferentsolution.Youaretheonlyone
whoshouldknowthattheseserversarevirtualized.Theendusersandthefirstlineof
thehelpdeskshouldneverbeabletotellthedifference.
PossibleVirtualizationScenarios
Inthissection,wewilllookatseveralscenariosthatcouldleadtoapositive
virtualizationexperience.Thesescenariosarenotguaranteesofsuccessbutexamples
ofwhatmaywork.(Onceyoustarttestingyourenvironment,youmayfindsituations
inwhichphysicalserversarethebestsolution.)Wewilldiscusspossiblehardwarefor
boththevirtualizationhostandthevirtualmachine,butthisisjustanestimationof
hardwarethatmaybeneeded;wewillnotbelookingatthephysicalspecifications.
Thesescenarioshavenotbeentestedinalabforperformance.Theyaremerely
examplesofwhatcouldbevirtualized.
SmallOffice/RemoteorBranchOffice
Inthisscenario,ourofficehasarelativelysmallnumberofusers,andweneedto
provideemailservicestothem.Wehavedeterminedthatuserswouldbebetteroff
usinglocalExchangeserversthanpullingemailacrosstheWAN.Becausetheusers
areinaremoteoffice,wewillbesupplyingdirectoryservicesaswell.Wewantto
provideredundancyandhighavailabilitywherepossible.Byusingasmallnumberof
physicalhostsasavirtualcluster,wecandeploythenecessaryservers,keepcosts
down,andmeetouravailabilityrequirements.
Wehavedeterminedthroughresearch,interviewswithstaffmembers,anddata
collectionthatwehavelightemailusers.Wewillbeprovidinghighavailabilityvia
DAG.Wealsohavearequirementforsiteresilience,sowewillextendtheDAGtothe
maindatacenter.
Aswestarttobuildthissolution,wemustdeterminewhichvirtualmachineswillbe
placedonwhichvirtualizationhosts.Weseeaneedforthefollowing:
TwoExchangeservers
Twodomaincontrollers
Afileserver(whichwecanuseasthefile-sharewitness)
Abackupserver
Wecanputthissolutiontogetherwithaminimumoftwophysicalserversand
storage,althoughforfullredundancy—forpatching,outages,andthelike—wewould
needthree.Theexactspecificationsontheserversandstoragearenotbeing
discussed.WhenwecreatetheDAG,wewillspecifythecorrectlocationforthefile-
sharewitness.Wemustnotcreateanissuewherethefile-sharewitnessendsupbeing
onthesamevirtualizationhostasaMailboxserverintheDAG.Ifthisweretohappen
andwecreatedthefile-sharewitnessonVirtualizationHost1or3,thenwe'dhavetwo
votingmembersoftheDAGonthesamephysicalhardware.Thisisnota
recommendedsolution.Followingisavirtualizationlayoutdepictingathree-server
solution.
VirtualizationHost1willhavethefollowingvirtualmachines:
DomainController1
Exchange1
VirtualizationHost2willhavethefollowingvirtualmachines:
DomainController2
Fileserver
VirtualizationHost3willhavethefollowingvirtualmachines:
Exchange2
Backup
Withproperspecifications,ourphysicalserverswillnotbeover-utilizedbythe
plannedworkloads;therewillbeenoughsparecapacitytoensurethatvirtual
machinescanbemovedforshortperiodsoftime.Insteadofhavingsixserversinuse,
wewillhavethreeservers—a50percentreductioninphysicalserversforthislocation.
SiteResilience
Inthisscenario,we'llsetupasecondlocationforsiteresilience.Weassumethatthe
primarydatacenterisfullyfunctionalwithExchangeServer2016physicalservers.We
havebeenhandedanewrequirementtoprovidesiteresilienceforallusersinour
organization.Wewillalsoneedtoprovidethesamelevelofperformanceand
reliabilityastheprimarydatacenter.OurprimarydatacenterhasfourExchange
serversinaDAG.
Tomeettherequirements,wewillbedeployingninevirtualmachines:fourdomain
controllers,onefileserver,andfourExchangeservers.Weareusingfourdomain
controllerstokeepdownthenumberofvirtualprocessorsandRAMoneachdomain
controller.
Wewillneedfourphysicalserversforthesolution.Foreaseofordering,wewillorder
allserverswiththesamehardwarespecifications.
VirtualizationHost1willhavethefollowingvirtualmachines:
DomainController1
ExchangeServer1
VirtualizationHost2willhavethefollowingvirtualmachines:
DomainController2
ExchangeServer2
VirtualizationHost3willhavethefollowingvirtualmachines:
DomainController3
ExchangeServer3
VirtualizationHost4willhavethefollowingvirtualmachines:
DomainController4
ExchangeServer4
Inthisscenario,wewouldmanuallyplacethefile-sharewitnessonanexistingfile
serverinthesite.Youmayrecallthatthefile-sharewitnessisusedwhenthereisan
evennumberofserversintheDAG.Wehavethathere,butthereareenoughservers
toseparatethewitnesswithoutputtingtheDAGinjeopardy.
Byseparatingthevirtualmachinesacrossfourvirtualizationhosts,wehave
accomplishedthetaskathand.Ifwehadchosentomirrortheproduction
environmentandusephysicalservers,wewouldhaveneededeightservers.Ata
minimum,wecutourserversby50percentwiththeinclusionofthedomain
controllers.Theflipsideofthisisthatweprobablyincreasedthenumberof
processorsandamountofRAMinthevirtualizationhosts.Bydoingthis,wealso
increasedthecostofthevirtualizationhosts.Thecostincreasemaybeminimal,but
youshouldcalculateitbeforeimplementingthissolution.Dependingonwhich
hypervisoryouchoose,theremaybecostsassociatedwiththehypervisorsoftware.In
addition,thereareoperationalcostsassociatedwitheachvirtualizationhost.
MobileAccess
Forthemobilesolution,wehaveacustomerthatmustreactquicklytoanemergency.
Theyneedtohavetheirentireinfrastructurephysicallywiththem.Theydonotneed
totiebackintoacorporateenvironment,buttheywillbeconnectingtotheInternet
andmustbeabletosendandreceiveemailandsurftheInternet.Theyalsorequirea
databaseserver,file/printcapabilities,andcollaboration.Therewillbeanexternal
appliancetoprovidefirewallprotection.Thisisalsoconsideredashort-termsolution.
Oncethedisasterisoverorapermanentdatacenterhasbeenestablished,themobile
solutionwillbedecommissioned.Thissolutionbringsinseveraldifferent
technologiesinadditiontoExchange.
Thecustomerhasonly50users,buttheywillbesendingandreceivingalargeamount
ofemail.Withthisnumberofusers,therewillnotbeahugedrawonanyofthe
servers.Knowingthis,weareabletominimizetheserverrequirements.Wecankeep
thefile-sharewitnessseparatedfromtheExchangeservers.Wewillplaceanodeof
thedatabaseclusteronthesamevirtualizationhostasoneoftheExchangeservers.
Thisisnotarecommendedsolutionforenvironmentswithhigherrequirements,but
becausewehaveasmallnumberofusersandlowdemand,weshouldbefinewiththe
layout.
VirtualizationHost1willhavethefollowingvirtualmachines:
DomainController1
ExchangeServer1
DatabaseServerNode1
VirtualizationHost2willhavethefollowingvirtualmachines:
DomainController2
ExchangeServer2
CollaborationServer1
VirtualizationHost3willhavethefollowingvirtualmachines:
FileandPrintNode
DatabaseServerNode2
CollaborationServer2
Weareabletomeettherequirementsforthecustomerwithonlythreephysical
servers.Ifduringtestingwedecidethatweneedadditionalcapacity,wecanadd
anotherserverorincreasethespecsontheexistingservers.Lookingatthenumbers,
youcanseethatwehavedecreasedthenumberofphysicalserversfromninetothree,
whichisa66percentreduction.
VirtualizetheLab
YouwillhaveplentyofopportunitiestovirtualizeExchange.Oneofthose
opportunitiesisinthelab.Whenyouvirtualizeyourlab,youcandoa
virtualizationequaltowhatisgoingtobeinproductionoryoucanhavea
differentlayout.Therearebenefitstoboth.
Ifyouareabletoduplicatethelabandproduction,youcanincludeperformance
testing.Duplicatingthelabtoproductionmeansnotonlymatchingthenumberof
serversandroledesignationsbutalsodeterminingwhethertheywillbephysical
servers.Ifyouaregoingtovirtualizeinproduction,thistestwillgiveyouaccurate
resultsandabaselinefortheproductionenvironment.Youwillalsoincreasethe
hardwarerequirementforthevirtualizationhostsandthestorageyouwillbe
using.
Ifyouarenotabletoduplicatethelab,youmustprepareyourselfandinform
managementthatthelabisforfunctionaltestingonly.Ifyouweretodoany
performancetesting,theresultswouldnotbeaccurate.Byusingthismethod,you
willsaveonhardwareforthevirtualizationhostsandstorage.
BothscenarioswillgiveyouagoodbasefortestingyourvirtualizedExchange
environment.Onegivesyoutheabilitytotestperformanceandfunctionalitywith
anaddedhardwarecost,whiletheothergivesyoutheabilitytodoafunctional
testwithminimalhardwarecosts.
TheBottomLine
Evaluatethepossiblevirtualizationimpacts.Knowingtheimpactsthat
virtualizationcanhavewillhelpyoumakethevirtualizationasuccess.Conversely,
failuretorealizehowvirtualizationwillimpactyourenvironmentcanendup
makingvirtualizationapoorchoice.
MasterItWhatkindofimpactwouldvirtualizingExchangehaveinyour
environment?
EvaluatetheexistingExchangeenvironment.Beforeyoucandeterminethe
feasibilityofavirtualizedExchangeenvironment,youmustknowhowyour
currentsystemsareperforming.
MasterItAreyourExchangeserversgoodcandidatesforvirtualization?
Determinewhenphysicalserversaretherightchoice.Therewillbetimes
whenvirtualizationofExchangeServerisn'tappropriateforanorganization.
MasterItWhataresomecommonreasonstostickwithphysicalserversfor
ExchangeServer?
Chapter5
IntroductiontoPowerShellandtheExchange
ManagementShell
MicrosoftPowerShellisanextensible,object-orientedcommand-lineinterfaceforthe
Windowsoperatingsystem.TheExchangeManagementShell(EMS)isasetof
ExchangeServer–specificextensionstoMicrosoft'sPowerShell.TheEMSwasfirst
introducedwithExchangeServer2007andhasbeenenhancedwitheachsubsequent
releaseofExchangeServer.Thelatestreleaseincludestheabilitytoconnecttoremote
sessionsonotherExchangeserverswithouttheExchangeManagementtools.
Inthischapter,weintroduceyoutobothPowerShellandtheEMS.Wehopetogive
youabasicideaofsomeofthecapabilitiesandencourageyoutolearnmore.
IsknowledgeoftheEMSrequired?SomeadministratorswillmanagetheirExchange
serversforyearsandrarelyusetheEMS,whereasothersuseitdaily.However,we
thinkitissafetosaythatatleastalimitedknowledgeoftheEMSwillberequiredby
alladministratorsbecausesomespecializedconfigurationoptionscanbesetonly
fromtheEMS.
Wehopethatthischapterwillprovideyouwithenoughofanintroductionto
PowerShellthatyouwon'tdreadgettingtoknowit.
INTHISCHAPTER,YOUWILLLEARNTO:
UsePowerShellcommandsyntax
Understandobject-orienteduseofPowerShell
EmploytipsandtrickstogetmoreoutofPowerShell
GethelpwithusingPowerShell
WhyUsePowerShell?
BasedondiscussionsinInternetnewsgroups,webforums,andclassroomsaboutthe
decisiontoputthemanagementarchitectureofExchangeServer2007ontopof
PowerShell,youwouldthinkthatthiswasoneofthemostcontroversialdecisions
Microsoftevermade.Originally,therewasenthusiasticdebate(andname-calling)on
bothsidesofthefence.ButsomeexperiencedExchangeServeradministrators
thoughttheExchangeManagementShellwasthebestimprovementMicrosofthad
madesinceExchangeServer2003.NowthatMicrosofthasextendedPowerShellto
virtuallyalloftheircoreinfrastructureproducts,moreadministratorsarecomfortable
withPowerShellandarehappywithitbeingakeymanagementtechnology.
WehavetoadmittobecomingbigsupportersoftheEMSfromthebeginning.Allit
tookwasspendingabitoftimewithitandgettingtoknowsomeofthebasic
functionality.Thebiggestfearthatmanyadministratorshaveisthattheywillhaveto
learnnotonlysomeoftheshell'scommands(calledcmdlets)butalsoascripting
languagejusttomanageExchangeServer.Thatisnotthecase.
TheintentoftheEMSistoprovideaconsistentinterfaceforperformingmanagement
tasksforExchangeservers,whetherperformingautomationtasks,writingscripts,or
extendingthemanagementcapabilities.Tasksoroperationsthatoncerequired
multipleprogrammingAPIsandhundredsoflinesofscriptingcannowbe
accomplishedinasinglecommand.Singlecommandscanbejoinedtogether—the
outputofonecommandcanbepipedtoanothercommandasinput—toperform
extremelypowerfulfunctions.
ThebasePowerShellthatshipswithWindowsServer2012andlaterversionsprovides
thousandsofbuilt-incmdlets,andthereareseveralhundredadditionalExchange
Server–relatedcmdletsyoucanuseintheEMS;thegoalistocoverallExchange
Server–relatedadministrativetasks.Youwillfindcmdletsthatmanipulateotherdata
inActiveDirectory(suchascmdletsformanaginguseraccounts)andcontrol
ExchangeServer–relateddataintheRegistryorInternetInformationServices,butthe
cmdletswillonlymanipulateormanagedatarelatedtoExchangeServer.The
ExchangeteamisexpectingotherinternalMicrosoftteams,suchastheActive
DirectoryorInternetInformationServerteam,toprovidetheirownextensionstothe
managementshell(whichtheyhave).
TherearealotofverygoodreasonsforMicrosofttocreatethismanagementlayer
acrossallitsproducts.Itprovidesaconsistentmanagementandscriptinginterfacefor
allserverproducts,developsasecuremethodforremotescripting,improvesbatching,
andprovidesyouwithaneasywaytoautomateandrepeatanythingyoucandointhe
GUI.Infact,PowerShell,firstintegratedinExchangeServer2007,isnowthedefacto
managementinterfaceforallMicrosoftenterpriseproducts,suchasSystemCenter,
SQLServer,andSkypeforBusiness.
TheExchangeManagementShellisbuiltontopofWindowsPowerShell.Ithasthe
built-inExchangecmdletsthatyou'llusetoperformallofyouradministrativework.
YoucanuseittodoeverythingyoucandointheEACandmore.But,youcan'timport
anExchangePowerShellmoduleatastandardPowerShellprompt.Well,whilethere
arewaysofdoingso,itisn'tsupportedandsomefunctionalityismissing.Thus,always
planonrunningtheExchangeManagementShellwhenyouwanttousePowerShell
foryourExchange-basedadministrativetasks.
UnderstandingtheCommandSyntax
Theproblemwithalotofscriptinglanguagesandcommandshellsisthat,astheyget
morecomplexandpowerful,thecommandsyntaxgetsmoreandmorecryptic.
PowerShellandtheEMSseektomakeusingthecommand-lineinterfaceandscripting
moreintuitive.Tothisend,mostPowerShellandEMScmdletsconsistoftwo
components:averbandanoun.
JustinCase
PowerShellcmdletsandtheEMSextensionsforPowerShellarecaseinsensitive.
Thatmeansyoucantypeeverythinginuppercase,typeeverythinginlowercase,or
mixandmatchthecaseofthelettersinyourcommands.
ForreadabilityandpersuggestionsfromfolksontheExchangeServerteamat
Microsoft,weareusingPascal-casinginthisbook.WhenyouusePascalcasing,
thefirstcharacterofeachwordisinuppercase;ifthecmdlethasmorethanone
word,thefirstletterineachwordisinuppercase.Allotherlettersinthecmdlet
arelowercase;soforexample,thecmdletthatisusedtoretrievemailbox
statisticsiswrittenasGet-MailboxStatistics.
VerbsandNouns
Theverbidentifiestheactionthatisbeingtaken,andthenounindicatestheobjecton
whichtheactionisbeingtaken.Theverbalwayscomesfirst,andtheverbandnoun
areseparatedbyahyphen(suchas,Get-Mailbox).Thefollowinglistshowssomeofthe
commonverbsyou'lluseintheEMS;someofthesearespecifictotheEMS,butmost
aregenerictoWindowsPowerShell.
GetGetisprobablythemostcommonverbyouwilluse.Getretrievesinformation
aboutthespecifiedobjectandoutputsinformationabouttheobject.
SetSetisprobablythesecondmostcommonverbyouwilluse.Setallowsyouto
updatepropertiesoftheobjectspecifiedinthenoun.
NewNewcreatesnewinstancesoftheobjectspecifiedinthenoun.
EnableEnableactivatesorenablesaconfigurationontheobjectspecified,suchas
enablinganexistinguseraccount.
AddAddcanbeusedtoadditemstoanobjectortoaddpropertiesofanobject.
RemoveRemovedeletesaninstanceoftheobjectspecifiedinthenoun.
DisableDisabledisablesordeactivatestheobjectspecifiedinthenoun.An
exampleofthisisremovingamailboxfromanexistinguser(butnotdeletingthe
useraccount).
MountMountisusedtomountanExchangeServermailboxorpublicfolder
database.
DismountDismountisusedtodismountanExchangeServermailboxorpublic
folderdatabase.
MoveMovecanbeusedtoactivateadatabasecopyonamailboxserver.
TestTestperformsdiagnostictestsagainsttheobjectspecifiedbythenounand
theidentityoption.
UpdateUpdateisusedtoupdatespecifiedobjects.
Theactualnounsthatareusedinconjunctionwiththeseverbsaretoonumerousto
mentioninevenafewpagesoftext.Thefollowingisalistofcommonnouns;laterin
thischapteryou'lllearnhowtousetheonlinehelptofindmorecmdletsthatyou
need.Thenounsinthislistcanbeusedinconjunctionwithverbs,suchastheonesin
theprecedinglist,tomanipulatethepropertiesofExchangeServer–relatedobjects.
However,notallverbsworkwithallnouns,andunfortunatelyitsometimesrequires
sometrialanderrortodeterminewhatworksandwhatdoesn't.
ActiveSyncMailboxPolicyPropertiesofActiveSyncpoliciesthatcanbeassignedto
amailbox
CASMailboxPropertiesofamailboxrelatingtoclientfeaturessuchasOutlookon
thewebandExchangeActiveSync
ClientAccessServerPropertiesspecifictoclientaccess
DistributionGroupPropertiesrelatingtomail-enableddistributiongroups
DynamicDistributionGroupPropertiesrelatingtoadynamicdistributiongroup
EmailAddressPolicyPropertiesrelatingtothepoliciesthatareusedtodefine
emailaddresses
ExchangeServerPropertiesrelatedtoExchangeservers
MailboxPropertiesrelatedtousermailboxes
MailboxDatabasePropertiesrelatedtomailboxdatabases
MailboxServerPropertiesspecifictoanExchangeServerMailboxserverrole
MailContactPropertiesrelatingtomail-enabledcontactobjects
MailUserPropertiesrelatingtoauserthathasanemailaddressbutnotamailbox
MoveRequestPropertiesandactionsrelatedtomovemailboxrequests
ReceiveConnectorPropertiesrelatingtoReceiveconnectors
SendConnectorPropertiesrelatingtoSendconnectors
TransportConfigPropertiesspecifictoExchangeServerTransportservices
UMMailboxPropertiesrelatingtoUnifiedMessaging
UserPropertiesrelatingtouserobjects
CmdletsWorkOnlywithRemotePowerShellinExchangeServer
2010andLater
Oneimportantthingtokeepinmindwithcmdletsisthattheyarenotindividual
executablesbutrather.NETclassesthatareaccessibleonlyfromwithin
PowerShellandonlyiftheExchangeServerextensionstoPowerShellareloaded.
WithExchangeServer2010andlater,though,youcanconnecttoaremote
sessiononaremoteExchangeServercomputertoperformcommandsonthat
remotecomputer.ThisisoftenreferredtoasremotePowerShell,ortheabilityto
connectremotelytoaPowerShellsession.Whetheryouusetheshellto
administeralocalserveroradministeraserveracrossthecountry,remote
PowerShellisusedtoperformtheoperationinExchangeServer.
UnlikeinMicrosoftExchangeServer2007,whichusesalocalWindows
PowerShell,WindowsPowerShellconnectstotheclosestExchangeServer
(version2010orlater)serverusingWindowsRemoteManagement.The
PowerShellmodulethenperformsauthenticationchecksandthencreatesa
remotesession.Whentheremotesessioniscreated,theuserseesandhasaccess
onlytothecmdletsandtheparametersassociatedwiththemanagementrole
groupsandmanagementrolesassignedtotheuser.
Help
Thereisamoredetailedsectionneartheendofthischaptertitled“GettingHelp”;
however,asyoustartyourjourneyintolearningPowerShellandtheEMS,youshould
knowhowtogetquickandbasichelp.IfyouareusingPowerShellversion3orlater,
youfirstneedtodownloadallofthehelpcontent.YoucanruntheUpdate-Help
commandtodownloadthehelpcontent.Thereafter,youcanusetheGet-Helpcmdlet
toshowwhatparametersanycmdlettakes.Thisismuchlikethemancommandon
Linuxsystems:
Get-HelpGet-Mailbox
The-IdentityParameter
Forcmdletsthatrequireinput,usuallythefirstparameterprovidedisthe-Identity
parameter.Forexample,ifyouwanttoretrieveinformationaboutamailboxnamed
LawrenceCohenintheCorporateorganizationalunit(OU),youwouldrunthe
followingcommand:
Get-Mailbox-Identity'contoso.com/Corporate/LawrenceCohen'
However,youwillquicklyfindthatthe-Identityparameterisnotrequired.Ifyour
aliasesoraccountnamesareunique,eventhedomainandorganizationalunit
informationisnotrequired.Forexample,thiscommandwouldyieldthesameresult:
Get-Mailbox'contoso.com/Corporate/LawrenceCohen'
AslongasthereisonlyoneLawrenceCoheninActiveDirectory,youcanevendrop
thedomainandtheOUnameandthiscmdletwillyieldthesameresult:
Get-Mailbox'LawrenceCohen'
YouCanQuoteMeonThat
Anytimetheidentityyouareusinghasaspaceinit,youmustusequotes.Either
singleordoublequoteswillwork.
The-Identityparameterisoptionalbydesign.Asyouwillfindshortly,theinputfor
onecmdletcanevenbepipedinfromtheoutputofanothercmdlet.
Ifyouarenotsurewhatinputcanbespecifiedforthe-Identityparameter,youcan
easilylookupthisinformationeitherintheExchangeServeronlinehelporbyusing
theEMScommand-linehelp(moreonthislaterinthischapter).Fornow,let'slookat
onesmallpieceoftheGet-Mailboxhelpscreenthatshowsthedifferentvaluesthatcan
beusedtoidentifyamailbox:
-Identity<MailboxIdParameter>
TheIdentityparameteridentifiesthemailbox.Youcanuseoneofthefollowing
values:
*Name
*Displayname
*Alias
*Distinguishedname(DN)
*CanonicalDN
*<domainname>\<accountname>
*Emailaddress
*GUID
*LegacyExchangeDN
*SamAccountName
*UserIDoruserprincipalname(UPN)
Youcanseethatthe-IdentityparameterwilltakethemailboxGUID,theuser's
distinguishedname,thedomainnameandaccount,theUPNname,thelegacy
ExchangeServerdistinguishedname,theSMTPaddress,ortheExchangeServeralias.
Cmdletvs.Command
Youwillnoticethatsometimesweuse“command”andsometimesweuse
“cmdlet”whentalkingaboutPowerShell.Thereisasubtledifference:
Acmdletistheverb-nouncombinationthatperformsaspecifictask;itisthe
basePowerShellobjectthattakesinput,doessomethingtoit,andproduces
someoutput.
Acompletecommandisthecmdletalongwithanynecessaryoptionsthatthe
taskmightrequire.Thecommandnecessarytoretrieveinformationabouta
specificmailboxlookslikethis:
Get-Mailbox"GillianKatz"
CmdletParameters
PowerShellandEMScmdletssupportanumberofcommand-lineparametersthatare
useful.Parameterscanbecategorizedasmandatoryornotandaspositionalornot.
Whenaparameterismandatory,PowerShellrequiresyoutoaddtheparameterwitha
givencmdletandspecifyavalueforit.Iftheuseofaparameterisnotmandatory,you
areallowedtoincludeit,butyoudon'thavetodoso.ThecmdletNew-Mailbox
illustratesthisbehaviornicely.Whencreatinganewmailbox-enableduser,youhave
toincludetheparameterUserPrincipalName,butyouarefreetoincludetheparameter
OrganizationalUnit.TheEMSwillpromptyouforthevalueofanymandatory
parameteryouforgettospecify.Nexttobeingmandatoryornot,itisnotalways
necessarytoincludetheparametername.Whenaparameterispositional,youcan
justaddthevalueandleaveouttheparametername.ThecmdletGet-Mailboxhasno
mandatoryparametersbutdoeshaveapositionalparameter,namely-Identity.Ifwe
runthefollowingEMSline,theshellwillreturnthepropertiesofamailbox-enabled
userwhoseExchangealiasisOliver.Cohen:
Get-MailboxOliver.Cohen
NameAliasServerNameProhibitSendQuota
----------------------------------
Oliver.CohenOliver.CohenEx1unlimited
Thisisthesameasrunningthis:
Get-Mailbox-IdentityOliver.Cohen
NameAliasServerNameProhibitSendQuota
----------------------------------
Oliver.CohenOliver.CohenNYC-EX1unlimited
However,ifwerunthefollowingcommand,theshellwillcomplainthatitdoesn't
knowanymailbox-enableduserbythenameofEx1,becausetheparameterServeris
notpositional:
Get-MailboxEx1
Theoperationcouldn'tbeperformedbecauseobject'Ex1'couldn'tbe
foundon'dc01.contoso.com'.
+CategoryInfo:NotSpecified:(:)[Get-Mailbox],
ManagementObjectNotFoundException
+FullyQualifiedErrorId:3FEDEA30,Microsoft.Exchange.Management.
RecipientTasks.GetMailbox
However,ifyouapplytheproper-Serverparameterinyourcommand,theserver
namebecomesapparenttotheExchangeserver.Notethatthiscommanddisplaysall
ofthemailboxes,notjustthoseonEX1.
Get-Mailbox-ServerEx1
NameAliasServerNameProhibitSendQuota
------------------------------------
AdministratorAdministratorNYC-EX1unlimited
DiscoverySearchMailboxDiscoverySearchMaNYC-EX1unlimited
BobClementsBobClementsNYC-EX1unlimited
JordanChangJordanChangNYC-EX1unlimited
TylerM.SwartzTylerM.SwartzNYC-EX1unlimited
EliasMerebEliasMerebNYC-EX1unlimited
JohnRodriguezJohnRodriguezNYC-EX1unlimited
JonathanLongJonathanLongNYC-EX1unlimited
KevinWileKevinWileNYC-EX1unlimited
JohnParkJohnParkNYC-EX1unlimited
JulieR.SamanteJulieR.SamanteNYC-EX1unlimited
JimMcBeeJimMcBeeNYC-EX1unlimited
ChuckSwansonChuckSwansonNYC-EX1unlimited
KellySiuKellySiuNYC-EX1unlimited
GeraldNakataGeraldNakataNYC-EX1unlimited
Thefollowingaresomeoftheparametersthatcmdletsaccept.Notallcmdletswill
acceptalloftheseparameters;theseareusuallyoptional,and,ofcourse,someof
themwillnotberelevant.
-Identity-Identityspecifiesauniqueobjectonwhichthecmdletisgoingtoact.
The-Identityparameterisapositionalparameter,whichmeansthatitdoesnot
necessarilyhavetobeonthecommandline;PowerShellwillpromptyouforthe
identityifitisnotspecified.Asnotedpreviously,inmostcasesyoudonotneedto
specifythe-Identityparameterbutjusttheuniqueobjectname.
-WhatIf-WhatIftellsthecmdlettosimulatetheactionthatthecmdletwould
actuallyperformbutnotactuallymakethechange.
-Confirm-Confirmasksthecmdlettopromptforconfirmationpriortostartingthe
action.ThisoptiontypeisBoolean,soyouneedtoincludeeither$Trueor$False.
Somecmdlets(suchasNew-MoveRequest-)askforconfirmationbydefault,soyou
couldspecify-Confirm:$Falseifyoudidnotwanttheconfirmationrequestto
occur.
-Validate-Validatewillchecktheprerequisitesofthecmdlettoverifythatitwill
runcorrectlyandletyouknowifthecmdletwillrunsuccessfully.
-Credential-Credentialallowsyoutospecifyalternativecredentialswhen
runningaPowerShellcommand.
-DomainController-DomainControllerallowsyoutospecifytheFQDNofaspecific
domaincontrolleragainstwhichyouwanttoperformaPowerShelltask.
-ResultSizeThe-ResultSizeoptionallowsyoutospecifyamaximumnumberof
resultswhenworkingwithGet-cmdlets.
-SortByThe-SortByoptionallowsyoutospecifyasortingcriteriawhenoutputting
datathatisusuallytheresultofaGet-cmdlet.
-Verbose-VerboseinstructsGet-cmdletstoreturnmoreinformationaboutthe
executionofthecmdlet.
-Debug-Debuginstructsthecmdlettooutputmoreinformationandtoproceed
step-by-stepthroughtheprocessofperformingatask.-Debugreturnsmore
informationthanatypicaladministratorneedstoperformdailytasks.
Ifyouarepipingoutputofonecmdletintoanother,theparametersmustbewithin
thecmdletthatyouwanttheparametertoaffect.
TabCompletion
Inordertobedescriptiveandhelpful,someofthecmdletsareprettylong.Considerif
youhadtotypeGet-DistributionGroupMemberseveraltimes!However,PowerShell
includesafeaturecalledtabcompletion.Ifyoutypepartofacommandandthenpress
theTabkey,PowerShellwillcompletethecmdletwiththefirstmatchingcmdletitcan
find.Forexample,ifyoutypeGet-DistriandpressTab,PowerShellwillautomatically
filloutGet-DistributionGroup.IfyoupressTabagain,PowerShellwillmoveontothe
nextmatchingcmdlet,orinthiscaseGet-DistributionGroupMember.
Thetabcompletionfeaturealsoworksforcmdletparameters.Ifyoutypeacmdlet
followedbyaspaceandahyphen,suchasGet-Mailbox-,andthenpressTab,youwill
cyclethroughalltheparametersforthatparticularcmdlet.Whenyouinclude
parameterswithyourcmdlet,itisnotnecessarytospecifytheirfullnames.Itis
sufficienttoenterenoughletterstomakesuretheEMScanfigureoutwhich
parameteryoumeanttodefine.Forexample,ifyouenterGet-Mailbox-Seserver1,
youwillbegivenalistofallmailboxeshousedonserver1.Buttabcompletioncanbe
usefultohelpyoukeepanoverviewofyourEMSlines.
Alias
PowerShellandtheEMSalsoincludealiasesthatallowyoutoinvokecmdletsusinga
familiarsynonym.AtypicalexamplehereisenteringDirtogetalistofallfilesinthe
directorythatyouareinandallsubdirectoriesafterthatdirectory,whichisinfactan
aliasforthecmdletGet-ChildItem.Table5.1showssomecommonaliasesthatare
builtintoPowerShell.
Table5.1PowerShellCommonAliases
Alias Definition
Dir Get-ChildItem
Ls Get-ChildItem
Type Get-Content
Cat Get-Content
Write Write-Output
Echo Write-Output
cd Set-Location
sl Set-Location
cls Clear-Host
Butitisimportanttorememberthatenteringanaliasintheendislikeenteringa
cmdlet,thusimposingsomeconstraintsthatdonotapplywhenenteringthealiases
fromTable5.1inacommandprompt.Ifyouwouldliketogetalistofallfiles,and
fileslocatedinsubdirectories,youwouldbeinclinedtoenterdir/s,butwhendoing
soyouwillbefacedwiththefollowingerrormessage:
dir/s
Get-ChildItem:Cannotfindpath'C:\s'becauseitdoesnotexist.
Atline:1char:4
+dir<<<</s
Ofcourse,dir/sworksatacommandprompt.UsingPowerShell,youknowyouneed
toincludeanyparameterbyaddingahyphenfollowedbytheparametername:
dir-Recurse:$True
or:
dir-r
Object-OrientedUseofPowerShell
OneofthereasonsPowerShellissoflexibleisthattheoutputofcommandsisnottext
basedbutratherobjectbased.PowerShellusesanobjectmodelthatisbasedonthe
Microsoft.NETFramework.PowerShellcmdletsacceptandreturnstructureddata.
Don'tlettheterms“objectmodel”or“object-oriented”scareyou,though.Thisisreally
quitesimple.Forexample,Figure5.1showstheoutputoftheGet-Mailboxcmdlet.
Figure5.1OutputoftheGet-Mailboxcmdlet
Whatyouseeonthescreenistexttotheuserinterface,buttoPowerShellitisreallya
listofobjects.Youcanmanipulatetheoutputtoseethepropertiesyouwant,filterthe
output,orpipetheoutput(theobjects)toanothercmdlet.
FilteringOutput
InFigure5.1,youcanseethatthecmdletweused(Get-Mailbox)outputsevery
mailboxintheentireorganization.Thereareanumberofwaysyoucanfilteror
narrowthescopeoftheoutputyouarelookingforfromaspecificcmdlet.Inthecase
ofGet-Mailboxandothercmdlets,youcanspecifyjusttheidentityofthemailboxfor
whichyouarelooking.
PowerShellincludestwooptionsthatcanbeusedspecificallyforfilteringtheoutput.
ThesearetheWhere-Object(orWherealias)andtheFilter-Object(orFilter)objects.
TheWhereclausecanbeusedonmostcmdlets,andthefilterisappliedattheclient.
TheFilterclauseisavailableonlyonasubsetofthecommandsbecausethisfilteris
appliedbytheserver.
Inthefollowingcommand,theoutputoftheGet-MailboxcmdletispipedtotheWhere
clause,whichfilterstheoutput:
Get-Mailbox|Where-Object{$_.MaxSendSize-gt25000000}
Inthiscase,theoutputisanymailboxwhose-MaxSendSizeparameterisgreaterthan
25,000,000bytes.DidyounoticetheportionoftheWherestatement$_.MaxSendSize?
The$_portionrepresentsthecurrentobjectthatisbeingpipedtotheWhere-Object
cmdlet,and.MaxSendSizerepresentstheMaxSendSizepropertyofthatobject.
Fornonprogrammers,thismightseemalittledifficultatfirst,butwepromiseitgets
mucheasierasyougoalong.Theoperatorsarealsosimpletoremember.Table5.2
showscommonoperatorsthatcanbeusedinclausessuchasWhere-Objectorjustthe
Wherealias.TheOperatorcolumndefineshowthevaluedefinedasanobjectproperty
istreated.
Table5.2ShellValuesandOperators
Shell
Value
Operator Function
-eq Equals Theobject.propertyvaluemustmatchexactlythespecifiedvalue.
-ne Not
equals
Theobject.propertyvaluemustnotmatchthespecifiedvalue.
-gt Greater
than
-gtworkswhentheobject.propertyvalueisaninteger.
-ge Greater
thanor
equalto
-geworkswhentheobject.propertyvalueisaninteger.
-lt Lessthan -ltworkswhentheobject.propertyvalueisaninteger.
-le Lessthan
orequal
to
-leworkswhentheobject.propertyvalueisaninteger.
-like Contains -likeisusedwhentheobject.propertyvalueisatextstring.The
matchingstringcaneithermatchexactlyorcontainwildcards(*)
atthebeginningorendofthestring.
-
notlike
Doesnot
contain
-notlikeisusedwhentheobject.propertyvalueisatextstring
andyouwanttoseeifthevaluesdonotmatchthestring.The
matchingstringcancontainwildcards(*)atthebeginningorend
ofthestring.
Sometimes,findingallofthepropertiesthatcanbeusedwithaparticularcmdletcan
bedifficult.Wewouldliketoshareacoupleoftipsthatwillhelpillustrateordiscover
theseproperties.Let'staketheSet-Mailboxcmdletasanexample.First,youcan
simplyusetheavailableonlinehelpsuchasthis:
set-mailbox-?
NAME
Set-Mailbox
SYNOPSIS
Thiscmdletisavailableinon-premisesExchangeServer2016andinthe
cloud-basedservice.Someparametersand
settingsmaybeexclusivetooneenvironmentortheother.
UsetheSet-Mailboxcmdlettomodifythesettingsofexistingmailboxes.
ForinformationabouttheparametersetsintheSyntaxsectionbelow,see
Syntax.
SYNTAX
Set-Mailbox-Identity<MailboxIdParameter>[-AcceptMessagesOnlyFrom
<MultiValuedProperty>]
[-AcceptMessagesOnlyFromDLMembers<MultiValuedProperty>][-
AcceptMessagesOnlyFromSendersOrMembers
<MultiValuedProperty>][-AddressBookPolicy
<AddressBookMailboxPolicyIdParameter>][-Alias<String>]
[-AntispamBypassEnabled<$true|$false>][-ApplyMandatoryProperties
<SwitchParameter>][-Arbitration
<SwitchParameter>][-ArbitrationMailbox<MailboxIdParameter>][-
ArchiveDatabase<DatabaseIdParameter>]
[-ArchiveDomain<SmtpDomain>][-ArchiveName<MultiValuedProperty>][-
ArchiveQuota<Unlimited>][-ArchiveStatus
<None|Active>][-ArchiveWarningQuota<Unlimited>][-AuditAdmin
<MultiValuedProperty>][-AuditDelegate
<MultiValuedProperty>][-AuditEnabled<$true|$false>][-AuditLog
<SwitchParameter>][-AuditLogAgeLimit
<EnhancedTimeSpan>][-AuditOwner<MultiValuedProperty>][-
BypassModerationFromSendersOrMembers
<MultiValuedProperty>][-CalendarLoggingQuota<Unlimited>][-
CalendarRepairDisabled<$true|$false>]
[-CalendarVersionStoreDisabled<$true|$false>][-ClientExtensions<$true
|$false>][-Confirm
[<SwitchParameter>]][-CreateDTMFMap<$true|$false>][-CustomAttribute1
<String>][-CustomAttribute10<String>]
[-CustomAttribute11<String>][-CustomAttribute12<String>][-
CustomAttribute13<String>][-CustomAttribute14
<String>][-CustomAttribute15<String>][-CustomAttribute2<String>][-
CustomAttribute3<String>]
[-CustomAttribute4<String>][-CustomAttribute5<String>][-
CustomAttribute6<String>][-CustomAttribute7
<String>][-CustomAttribute8<String>][-CustomAttribute9<String>][-
Database<DatabaseIdParameter>]
[-DefaultPublicFolderMailbox<RecipientIdParameter>][-
DeliverToMailboxAndForward<$true|$false>][-DisplayName
<String>][-DomainController<Fqdn>][-DowngradeHighPriorityMessagesEnabled
<$true|$false>]
[-DumpsterMessagesPerFolderCountReceiveQuota<Int32>][-
DumpsterMessagesPerFolderCountWarningQuota<Int32>]
[-EmailAddresses<ProxyAddressCollection>][-EmailAddressPolicyEnabled
<$true|$false>]
[-EnableRoomMailboxAccount<$true|$false>][-EndDateForRetentionHold
<DateTime>][-ExtendedPropertiesCountQuota
<Int32>][-ExtensionCustomAttribute1<MultiValuedProperty>][-
ExtensionCustomAttribute2<MultiValuedProperty>]
[-ExtensionCustomAttribute3<MultiValuedProperty>][-
ExtensionCustomAttribute4<MultiValuedProperty>]
[-ExtensionCustomAttribute5<MultiValuedProperty>][-ExternalOofOptions
<InternalOnly|External>]
[-FederatedIdentity<String>][-FolderHierarchyChildrenCountReceiveQuota
<Int32>]
[-FolderHierarchyChildrenCountWarningQuota<Int32>][-
FolderHierarchyDepthReceiveQuota<Int32>]
[-FolderHierarchyDepthWarningQuota<Int32>][-FoldersCountReceiveQuota
<Int32>][-FoldersCountWarningQuota
<Int32>][-Force<SwitchParameter>][-ForwardingAddress
<RecipientIdParameter>][-ForwardingSmtpAddress
<ProxyAddress>][-GMGen<$true|$false>][-GrantSendOnBehalfTo
<MultiValuedProperty>]
[-HiddenFromAddressListsEnabled<$true|$false>][-IgnoreDefaultScope
<SwitchParameter>]
[-ImListMigrationCompleted<$true|$false>][-ImmutableId<String>][-
InactiveMailbox<SwitchParameter>]
[-IsExcludedFromServingHierarchy<$true|$false>][-IsHierarchyReady
<$true|$false>][-IssueWarningQuota
<Unlimited>][-JournalArchiveAddress<SmtpAddress>][-Languages
<MultiValuedProperty>][-LinkedCredential
<PSCredential>][-LinkedDomainController<String>][-LinkedMasterAccount
<UserIdParameter>][-LitigationHoldDate
<DateTime>][-LitigationHoldDuration<Unlimited>][-LitigationHoldEnabled
<$true|$false>][-LitigationHoldOwner
<String>][-MailboxMessagesPerFolderCountReceiveQuota<Int32>][-
MailboxMessagesPerFolderCountWarningQuota
<Int32>][-MailboxPlan<MailboxPlanIdParameter>][-
MailboxProvisioningConstraint<MailboxProvisioningConstraint>]
[-MailboxProvisioningPreferences<MultiValuedProperty>][-MailRouting
<$true|$false>][-MailTip<String>]
[-MailTipTranslations<MultiValuedProperty>][-Management<$true|$false>]
[-MaxBlockedSenders<Int32>]
[-MaxReceiveSize<Unlimited>][-MaxSafeSenders<Int32>][-MaxSendSize
<Unlimited>]
[-MessageCopyForSendOnBehalfEnabled<$true|$false>][-
MessageCopyForSentAsEnabled<$true|$false>]
[-MessageTracking<$true|$false>][-MessageTrackingReadStatusEnabled
<$true|$false>]
[-MicrosoftOnlineServicesID<SmtpAddress>][-Migration<$true|$false>][-
ModeratedBy<MultiValuedProperty>]
[-ModerationEnabled<$true|$false>][-Name<String>][-NewPassword
<SecureString>][-OABGen<$true|$false>]
[-OABReplica<$true|$false>][-Office<String>][-OfflineAddressBook
<OfflineAddressBookIdParameter>]
[-OldPassword<SecureString>][-OMEncryption<$true|$false>][-Password
<SecureString>][-PrimarySmtpAddress
<SmtpAddress>][-ProhibitSendQuota<Unlimited>][-ProhibitSendReceiveQuota
<Unlimited>][-PstProvider<$true|
$false>][-PublicFolder<SwitchParameter>][-QueryBaseDN
<OrganizationalUnitIdParameter>]
[-QueryBaseDNRestrictionEnabled<$true|$false>][-RecipientLimits
<Unlimited>][-RecoverableItemsQuota
<Unlimited>][-RecoverableItemsWarningQuota<Unlimited>][-
RejectMessagesFrom<MultiValuedProperty>]
[-RejectMessagesFromDLMembers<MultiValuedProperty>][-
RejectMessagesFromSendersOrMembers<MultiValuedProperty>]
[-RemoteAccountPolicy<RemoteAccountPolicyIdParameter>][-
RemoteRecipientType<None|ProvisionMailbox|
ProvisionArchive|Migrated|DeprovisionMailbox|DeprovisionArchive|
RoomMailbox|EquipmentMailbox|
SharedMailbox|TeamMailbox>][-RemoveManagedFolderAndPolicy
<SwitchParameter>][-RemovePicture<SwitchParameter>]
[-RemoveSpokenName<SwitchParameter>][-RequireSenderAuthenticationEnabled
<$true|$false>]
[-ResetPasswordOnNextLogon<$true|$false>][-ResourceCapacity<Int32>][-
ResourceCustom<MultiValuedProperty>]
[-RetainDeletedItemsFor<EnhancedTimeSpan>][-RetainDeletedItemsUntilBackup
<$true|$false>][-RetentionComment
<String>][-RetentionHoldEnabled<$true|$false>][-RetentionPolicy
<MailboxPolicyIdParameter>][-RetentionUrl
<String>][-RoleAssignmentPolicy<MailboxPolicyIdParameter>][-
RoomMailboxPassword<SecureString>][-RulesQuota
<ByteQuantifiedSize>][-SamAccountName<String>][-SCLDeleteEnabled<$true
|$false>][-SCLDeleteThreshold
<Int32>][-SCLJunkEnabled<$true|$false>][-SCLJunkThreshold<Int32>][-
SCLQuarantineEnabled<$true|$false>]
[-SCLQuarantineThreshold<Int32>][-SCLRejectEnabled<$true|$false>][-
SCLRejectThreshold<Int32>]
[-SecondaryAddress<String>][-SecondaryDialPlan<UMDialPlanIdParameter>]
[-SendModerationNotifications<Never|
Internal|Always>][-SharingPolicy<SharingPolicyIdParameter>][-
SimpleDisplayName<String>]
[-SingleItemRecoveryEnabled<$true|$false>][-
SkipMailboxProvisioningConstraintValidation<SwitchParameter>]
[-StartDateForRetentionHold<DateTime>][-TenantUpgrade<$true|$false>]
[-ThrottlingPolicy
<ThrottlingPolicyIdParameter>][-Type<Regular|Room|Equipment|
Shared>][-UMDataStorage<$true|$false>]
[-UMDtmfMap<MultiValuedProperty>][-UMGrammar<$true|$false>][-
UseDatabaseQuotaDefaults<$true|$false>]
[-UseDatabaseRetentionDefaults<$true|$false>][-UserCertificate
<MultiValuedProperty>][-UserPrincipalName
<String>][-UserSMimeCertificate<MultiValuedProperty>][-WhatIf
[<SwitchParameter>]][-WindowsEmailAddress
<SmtpAddress>][-WindowsLiveID<SmtpAddress>][<CommonParameters>]
Set-Mailbox-Identity<MailboxIdParameter>[-AcceptMessagesOnlyFrom
<MultiValuedProperty>]
[-AcceptMessagesOnlyFromDLMembers<MultiValuedProperty>][-
AcceptMessagesOnlyFromSendersOrMembers
<MultiValuedProperty>][-AddressBookPolicy
<AddressBookMailboxPolicyIdParameter>][-Alias<String>]
[-AntispamBypassEnabled<$true|$false>][-ApplyMandatoryProperties
<SwitchParameter>][-Arbitration
<SwitchParameter>][-ArbitrationMailbox<MailboxIdParameter>][-
ArchiveDatabase<DatabaseIdParameter>]
[-ArchiveDomain<SmtpDomain>][-ArchiveName<MultiValuedProperty>][-
ArchiveQuota<Unlimited>][-ArchiveStatus
<None|Active>][-ArchiveWarningQuota<Unlimited>][-AuditAdmin
<MultiValuedProperty>][-AuditDelegate
<MultiValuedProperty>][-AuditEnabled<$true|$false>][-AuditLog
<SwitchParameter>][-AuditLogAgeLimit
<EnhancedTimeSpan>][-AuditOwner<MultiValuedProperty>][-
BypassModerationFromSendersOrMembers
<MultiValuedProperty>][-CalendarLoggingQuota<Unlimited>][-
CalendarRepairDisabled<$true|$false>]
[-CalendarVersionStoreDisabled<$true|$false>][-ClientExtensions<$true
|$false>][-Confirm
[<SwitchParameter>]][-CreateDTMFMap<$true|$false>][-CustomAttribute1
<String>][-CustomAttribute10<String>]
[-CustomAttribute11<String>][-CustomAttribute12<String>][-
CustomAttribute13<String>][-CustomAttribute14
<String>][-CustomAttribute15<String>][-CustomAttribute2<String>][-
CustomAttribute3<String>]
[-CustomAttribute4<String>][-CustomAttribute5<String>][-
CustomAttribute6<String>][-CustomAttribute7
<String>][-CustomAttribute8<String>][-CustomAttribute9<String>][-
Database<DatabaseIdParameter>]
[-DefaultPublicFolderMailbox<RecipientIdParameter>][-
DeliverToMailboxAndForward<$true|$false>][-DisplayName
<String>][-DomainController<Fqdn>][-DowngradeHighPriorityMessagesEnabled
<$true|$false>]
[-DumpsterMessagesPerFolderCountReceiveQuota<Int32>][-
DumpsterMessagesPerFolderCountWarningQuota<Int32>]
[-EmailAddresses<ProxyAddressCollection>][-EmailAddressPolicyEnabled
<$true|$false>]
[-EnableRoomMailboxAccount<$true|$false>][-EndDateForRetentionHold
<DateTime>][-ExtendedPropertiesCountQuota
<Int32>][-ExtensionCustomAttribute1<MultiValuedProperty>][-
ExtensionCustomAttribute2<MultiValuedProperty>]
[-ExtensionCustomAttribute3<MultiValuedProperty>][-
ExtensionCustomAttribute4<MultiValuedProperty>]
[-ExtensionCustomAttribute5<MultiValuedProperty>][-ExternalOofOptions
<InternalOnly|External>]
[-FederatedIdentity<String>][-FolderHierarchyChildrenCountReceiveQuota
<Int32>]
[-FolderHierarchyChildrenCountWarningQuota<Int32>][-
FolderHierarchyDepthReceiveQuota<Int32>]
[-FolderHierarchyDepthWarningQuota<Int32>][-FoldersCountReceiveQuota
<Int32>][-FoldersCountWarningQuota
<Int32>][-Force<SwitchParameter>][-ForwardingAddress
<RecipientIdParameter>][-ForwardingSmtpAddress
<ProxyAddress>][-GMGen<$true|$false>][-GrantSendOnBehalfTo
<MultiValuedProperty>]
[-HiddenFromAddressListsEnabled<$true|$false>][-IgnoreDefaultScope
<SwitchParameter>]
[-ImListMigrationCompleted<$true|$false>][-ImmutableId<String>][-
InactiveMailbox<SwitchParameter>]
[-IsExcludedFromServingHierarchy<$true|$false>][-IsHierarchyReady
<$true|$false>][-IssueWarningQuota
<Unlimited>][-JournalArchiveAddress<SmtpAddress>][-Languages
<MultiValuedProperty>][-LinkedCredential
<PSCredential>][-LinkedDomainController<String>][-LinkedMasterAccount
<UserIdParameter>][-LitigationHoldDate
<DateTime>][-LitigationHoldDuration<Unlimited>][-LitigationHoldEnabled
<$true|$false>][-LitigationHoldOwner
<String>][-MailboxMessagesPerFolderCountReceiveQuota<Int32>][-
MailboxMessagesPerFolderCountWarningQuota
<Int32>][-MailboxPlan<MailboxPlanIdParameter>][-
MailboxProvisioningConstraint<MailboxProvisioningConstraint>]
[-MailboxProvisioningPreferences<MultiValuedProperty>][-MailRouting
<$true|$false>][-MailTip<String>]
[-MailTipTranslations<MultiValuedProperty>][-Management<$true|$false>]
[-MaxBlockedSenders<Int32>]
[-MaxReceiveSize<Unlimited>][-MaxSafeSenders<Int32>][-MaxSendSize
<Unlimited>]
[-MessageCopyForSendOnBehalfEnabled<$true|$false>][-
MessageCopyForSentAsEnabled<$true|$false>]
[-MessageTracking<$true|$false>][-MessageTrackingReadStatusEnabled
<$true|$false>]
[-MicrosoftOnlineServicesID<SmtpAddress>][-Migration<$true|$false>][-
ModeratedBy<MultiValuedProperty>]
[-ModerationEnabled<$true|$false>][-Name<String>][-NewPassword
<SecureString>][-OABGen<$true|$false>]
[-OABReplica<$true|$false>][-Office<String>][-OfflineAddressBook
<OfflineAddressBookIdParameter>]
[-OldPassword<SecureString>][-OMEncryption<$true|$false>][-Password
<SecureString>][-PrimarySmtpAddress
<SmtpAddress>][-ProhibitSendQuota<Unlimited>][-ProhibitSendReceiveQuota
<Unlimited>][-PstProvider<$true|
$false>][-PublicFolder<SwitchParameter>][-QueryBaseDN
<OrganizationalUnitIdParameter>]
[-QueryBaseDNRestrictionEnabled<$true|$false>][-RecipientLimits
<Unlimited>][-RecoverableItemsQuota
<Unlimited>][-RecoverableItemsWarningQuota<Unlimited>][-
RejectMessagesFrom<MultiValuedProperty>]
[-RejectMessagesFromDLMembers<MultiValuedProperty>][-
RejectMessagesFromSendersOrMembers<MultiValuedProperty>]
[-RemoteAccountPolicy<RemoteAccountPolicyIdParameter>][-
RemoteRecipientType<None|ProvisionMailbox|
ProvisionArchive|Migrated|DeprovisionMailbox|DeprovisionArchive|
RoomMailbox|EquipmentMailbox|
SharedMailbox|TeamMailbox>][-RemoveManagedFolderAndPolicy
<SwitchParameter>][-RemovePicture<SwitchParameter>]
[-RemoveSpokenName<SwitchParameter>][-RequireSenderAuthenticationEnabled
<$true|$false>]
[-ResetPasswordOnNextLogon<$true|$false>][-ResourceCapacity<Int32>][-
ResourceCustom<MultiValuedProperty>]
[-RetainDeletedItemsFor<EnhancedTimeSpan>][-RetainDeletedItemsUntilBackup
<$true|$false>][-RetentionComment
<String>][-RetentionHoldEnabled<$true|$false>][-RetentionPolicy
<MailboxPolicyIdParameter>][-RetentionUrl
<String>][-RoleAssignmentPolicy<MailboxPolicyIdParameter>][-
RoomMailboxPassword<SecureString>][-RulesQuota
<ByteQuantifiedSize>][-SamAccountName<String>][-SCLDeleteEnabled<$true
|$false>][-SCLDeleteThreshold
<Int32>][-SCLJunkEnabled<$true|$false>][-SCLJunkThreshold<Int32>][-
SCLQuarantineEnabled<$true|$false>]
[-SCLQuarantineThreshold<Int32>][-SCLRejectEnabled<$true|$false>][-
SCLRejectThreshold<Int32>]
[-SecondaryAddress<String>][-SecondaryDialPlan<UMDialPlanIdParameter>]
[-SendModerationNotifications<Never|
Internal|Always>][-SharingPolicy<SharingPolicyIdParameter>][-
SimpleDisplayName<String>]
[-SingleItemRecoveryEnabled<$true|$false>][-
SkipMailboxProvisioningConstraintValidation<SwitchParameter>]
[-StartDateForRetentionHold<DateTime>][-TenantUpgrade<$true|$false>]
[-ThrottlingPolicy
<ThrottlingPolicyIdParameter>][-Type<Regular|Room|Equipment|
Shared>][-UMDataStorage<$true|$false>]
[-UMDtmfMap<MultiValuedProperty>][-UMGrammar<$true|$false>][-
UseDatabaseQuotaDefaults<$true|$false>]
[-UseDatabaseRetentionDefaults<$true|$false>][-UserCertificate
<MultiValuedProperty>][-UserPrincipalName
<String>][-UserSMimeCertificate<MultiValuedProperty>][-WhatIf
[<SwitchParameter>]][-WindowsEmailAddress
<SmtpAddress>][-WindowsLiveID<SmtpAddress>][<CommonParameters>]
Set-Mailbox-Identity<MailboxIdParameter>[-AcceptMessagesOnlyFrom
<MultiValuedProperty>]
[-AcceptMessagesOnlyFromDLMembers<MultiValuedProperty>][-
AcceptMessagesOnlyFromSendersOrMembers
<MultiValuedProperty>][-AddressBookPolicy
<AddressBookMailboxPolicyIdParameter>][-Alias<String>]
[-AntispamBypassEnabled<$true|$false>][-ApplyMandatoryProperties
<SwitchParameter>][-Arbitration
<SwitchParameter>][-ArbitrationMailbox<MailboxIdParameter>][-
ArchiveDatabase<DatabaseIdParameter>]
[-ArchiveDomain<SmtpDomain>][-ArchiveName<MultiValuedProperty>][-
ArchiveQuota<Unlimited>][-ArchiveStatus
<None|Active>][-ArchiveWarningQuota<Unlimited>][-AuditAdmin
<MultiValuedProperty>][-AuditDelegate
<MultiValuedProperty>][-AuditEnabled<$true|$false>][-AuditLog
<SwitchParameter>][-AuditLogAgeLimit
<EnhancedTimeSpan>][-AuditOwner<MultiValuedProperty>][-
BypassModerationFromSendersOrMembers
<MultiValuedProperty>][-CalendarLoggingQuota<Unlimited>][-
CalendarRepairDisabled<$true|$false>]
[-CalendarVersionStoreDisabled<$true|$false>][-ClientExtensions<$true
|$false>][-Confirm
[<SwitchParameter>]][-CreateDTMFMap<$true|$false>][-CustomAttribute1
<String>][-CustomAttribute10<String>]
[-CustomAttribute11<String>][-CustomAttribute12<String>][-
CustomAttribute13<String>][-CustomAttribute14
<String>][-CustomAttribute15<String>][-CustomAttribute2<String>][-
CustomAttribute3<String>]
[-CustomAttribute4<String>][-CustomAttribute5<String>][-
CustomAttribute6<String>][-CustomAttribute7
<String>][-CustomAttribute8<String>][-CustomAttribute9<String>][-
Database<DatabaseIdParameter>]
[-DefaultPublicFolderMailbox<RecipientIdParameter>][-
DeliverToMailboxAndForward<$true|$false>][-DisplayName
<String>][-DomainController<Fqdn>][-DowngradeHighPriorityMessagesEnabled
<$true|$false>]
[-DumpsterMessagesPerFolderCountReceiveQuota<Int32>][-
DumpsterMessagesPerFolderCountWarningQuota<Int32>]
[-EmailAddresses<ProxyAddressCollection>][-EmailAddressPolicyEnabled
<$true|$false>]
[-EnableRoomMailboxAccount<$true|$false>][-EndDateForRetentionHold
<DateTime>][-ExtendedPropertiesCountQuota
<Int32>][-ExtensionCustomAttribute1<MultiValuedProperty>][-
ExtensionCustomAttribute2<MultiValuedProperty>]
[-ExtensionCustomAttribute3<MultiValuedProperty>][-
ExtensionCustomAttribute4<MultiValuedProperty>]
[-ExtensionCustomAttribute5<MultiValuedProperty>][-ExternalOofOptions
<InternalOnly|External>]
[-FederatedIdentity<String>][-FolderHierarchyChildrenCountReceiveQuota
<Int32>]
[-FolderHierarchyChildrenCountWarningQuota<Int32>][-
FolderHierarchyDepthReceiveQuota<Int32>]
[-FolderHierarchyDepthWarningQuota<Int32>][-FoldersCountReceiveQuota
<Int32>][-FoldersCountWarningQuota
<Int32>][-Force<SwitchParameter>][-ForwardingAddress
<RecipientIdParameter>][-ForwardingSmtpAddress
<ProxyAddress>][-GMGen<$true|$false>][-GrantSendOnBehalfTo
<MultiValuedProperty>]
[-HiddenFromAddressListsEnabled<$true|$false>][-IgnoreDefaultScope
<SwitchParameter>]
[-ImListMigrationCompleted<$true|$false>][-ImmutableId<String>][-
InactiveMailbox<SwitchParameter>]
[-IsExcludedFromServingHierarchy<$true|$false>][-IsHierarchyReady
<$true|$false>][-IssueWarningQuota
<Unlimited>][-JournalArchiveAddress<SmtpAddress>][-Languages
<MultiValuedProperty>][-LinkedCredential
<PSCredential>][-LinkedDomainController<String>][-LinkedMasterAccount
<UserIdParameter>][-LitigationHoldDate
<DateTime>][-LitigationHoldDuration<Unlimited>][-LitigationHoldEnabled
<$true|$false>][-LitigationHoldOwner
<String>][-MailboxMessagesPerFolderCountReceiveQuota<Int32>][-
MailboxMessagesPerFolderCountWarningQuota
<Int32>][-MailboxPlan<MailboxPlanIdParameter>][-
MailboxProvisioningConstraint<MailboxProvisioningConstraint>]
[-MailboxProvisioningPreferences<MultiValuedProperty>][-MailRouting
<$true|$false>][-MailTip<String>]
[-MailTipTranslations<MultiValuedProperty>][-Management<$true|$false>]
[-MaxBlockedSenders<Int32>]
[-MaxReceiveSize<Unlimited>][-MaxSafeSenders<Int32>][-MaxSendSize
<Unlimited>]
[-MessageCopyForSendOnBehalfEnabled<$true|$false>][-
MessageCopyForSentAsEnabled<$true|$false>]
[-MessageTracking<$true|$false>][-MessageTrackingReadStatusEnabled
<$true|$false>]
[-MicrosoftOnlineServicesID<SmtpAddress>][-Migration<$true|$false>][-
ModeratedBy<MultiValuedProperty>]
[-ModerationEnabled<$true|$false>][-Name<String>][-NewPassword
<SecureString>][-OABGen<$true|$false>]
[-OABReplica<$true|$false>][-Office<String>][-OfflineAddressBook
<OfflineAddressBookIdParameter>]
[-OldPassword<SecureString>][-OMEncryption<$true|$false>][-Password
<SecureString>][-PrimarySmtpAddress
<SmtpAddress>][-ProhibitSendQuota<Unlimited>][-ProhibitSendReceiveQuota
<Unlimited>][-PstProvider<$true|
$false>][-PublicFolder<SwitchParameter>][-QueryBaseDN
<OrganizationalUnitIdParameter>]
[-QueryBaseDNRestrictionEnabled<$true|$false>][-RecipientLimits
<Unlimited>][-RecoverableItemsQuota
<Unlimited>][-RecoverableItemsWarningQuota<Unlimited>][-
RejectMessagesFrom<MultiValuedProperty>]
[-RejectMessagesFromDLMembers<MultiValuedProperty>][-
RejectMessagesFromSendersOrMembers<MultiValuedProperty>]
[-RemoteAccountPolicy<RemoteAccountPolicyIdParameter>][-
RemoteRecipientType<None|ProvisionMailbox|
ProvisionArchive|Migrated|DeprovisionMailbox|DeprovisionArchive|
RoomMailbox|EquipmentMailbox|
SharedMailbox|TeamMailbox>][-RemoveManagedFolderAndPolicy
<SwitchParameter>][-RemovePicture<SwitchParameter>]
[-RemoveSpokenName<SwitchParameter>][-RequireSenderAuthenticationEnabled
<$true|$false>]
[-ResetPasswordOnNextLogon<$true|$false>][-ResourceCapacity<Int32>][-
ResourceCustom<MultiValuedProperty>]
[-RetainDeletedItemsFor<EnhancedTimeSpan>][-RetainDeletedItemsUntilBackup
<$true|$false>][-RetentionComment
<String>][-RetentionHoldEnabled<$true|$false>][-RetentionPolicy
<MailboxPolicyIdParameter>][-RetentionUrl
<String>][-RoleAssignmentPolicy<MailboxPolicyIdParameter>][-
RoomMailboxPassword<SecureString>][-RulesQuota
<ByteQuantifiedSize>][-SamAccountName<String>][-SCLDeleteEnabled<$true
|$false>][-SCLDeleteThreshold
<Int32>][-SCLJunkEnabled<$true|$false>][-SCLJunkThreshold<Int32>][-
SCLQuarantineEnabled<$true|$false>]
[-SCLQuarantineThreshold<Int32>][-SCLRejectEnabled<$true|$false>][-
SCLRejectThreshold<Int32>]
[-SecondaryAddress<String>][-SecondaryDialPlan<UMDialPlanIdParameter>]
[-SendModerationNotifications<Never|
Internal|Always>][-SharingPolicy<SharingPolicyIdParameter>][-
SimpleDisplayName<String>]
[-SingleItemRecoveryEnabled<$true|$false>][-
SkipMailboxProvisioningConstraintValidation<SwitchParameter>]
[-StartDateForRetentionHold<DateTime>][-TenantUpgrade<$true|$false>]
[-ThrottlingPolicy
<ThrottlingPolicyIdParameter>][-Type<Regular|Room|Equipment|
Shared>][-UMDataStorage<$true|$false>]
[-UMDtmfMap<MultiValuedProperty>][-UMGrammar<$true|$false>][-
UseDatabaseQuotaDefaults<$true|$false>]
[-UseDatabaseRetentionDefaults<$true|$false>][-UserCertificate
<MultiValuedProperty>][-UserPrincipalName
<String>][-UserSMimeCertificate<MultiValuedProperty>][-WhatIf
[<SwitchParameter>]][-WindowsEmailAddress
<SmtpAddress>][-WindowsLiveID<SmtpAddress>][<CommonParameters>]
DESCRIPTION
Youcanusethiscmdletforonemailboxatatime.Toperformbulk
management,youcanpipelinetheoutputof
variousGet-cmdlets(forexample,theGet-MailboxorGet-Usercmdlets)and
configureseveralmailboxesina
single-linecommand.YoucanalsousetheSet-Mailboxcmdletinscripts.
Youneedtobeassignedpermissionsbeforeyoucanrunthiscmdlet.
Althoughallparametersforthiscmdletare
listedinthistopic,youmaynothaveaccesstosomeparametersifthey're
notincludedinthepermissions
assignedtoyou.Toseewhatpermissionsyouneed,seethe"Recipient
ProvisioningPermissions"sectioninthe
RecipientsPermissionstopic.
RELATEDLINKS
OnlineVersionhttp://technet.microsoft.com/EN-US/library/a0d413b9-d949-
4df6-ba96-ac0906dedae2(EXCHG.160).aspx
REMARKS
Toseetheexamples,type:"get-helpSet-Mailbox-examples".
Formoreinformation,type:"get-helpSet-Mailbox-detailed".
Fortechnicalinformation,type:"get-helpSet-Mailbox-full".
Foronlinehelp,type:"get-helpSet-Mailbox-online"
TheSet-Mailbox-?commandgeneratesalotofoutputtothescreen,anditis
compressedintoahard-to-readformat.BecausetheSet-Mailboxcmdletis
manipulatingthesameobjectastheGet-Mailboxcmdlet,youcouldalsousethe
followingcommandtoviewallthepropertiesthathavebeensetonaparticular
mailbox(Oliverinthisexample):
Get-MailboxOliver|Format-List
RunspaceId:0ba072d8-b808-472c-a1c0-ddbc58118450
Database:MailboxDatabase1
MailboxProvisioningConstraint:
MessageCopyForSentAsEnabled:False
MessageCopyForSendOnBehalfEnabled:False
MailboxProvisioningPreferences:{}
UseDatabaseRetentionDefaults:True
RetainDeletedItemsUntilBackup:False
DeliverToMailboxAndForward:False
IsExcludedFromServingHierarchy:False
IsHierarchyReady:True
HasSnackyAppData:False
LitigationHoldEnabled:False
SingleItemRecoveryEnabled:False
RetentionHoldEnabled:False
EndDateForRetentionHold:
StartDateForRetentionHold:
RetentionComment:
RetentionUrl:
LitigationHoldDate:
LitigationHoldOwner:
LitigationHoldDuration:Unlimited
ManagedFolderMailboxPolicy:
RetentionPolicy:
AddressBookPolicy:
CalendarRepairDisabled:False
ExchangeGuid:4e417359-f557-4213-bc98-9e6982168d0c
MailboxContainerGuid:
UnifiedMailbox:
MailboxLocations:{1;4e417359-f557-4213-bc98-
9e6982168d0c;Primary;Contoso.com;c421c171-bc76-4543-
8b2f-43b2e92cc4a3}
AggregatedMailboxGuids:{}
ExchangeSecurityDescriptor:
System.Security.AccessControl.RawSecurityDescriptor
ExchangeUserAccountControl:None
AdminDisplayVersion:Version15.1(Build225.42)
MessageTrackingReadStatusEnabled:True
ExternalOofOptions:External
ForwardingAddress:
ForwardingSmtpAddress:
RetainDeletedItemsFor:14.00:00:00
IsMailboxEnabled:True
Languages:{}
OfflineAddressBook:
ProhibitSendQuota:Unlimited
ProhibitSendReceiveQuota:Unlimited
RecoverableItemsQuota:30GB(32,212,254,720bytes)
RecoverableItemsWarningQuota:20GB(21,474,836,480bytes)
CalendarLoggingQuota:6GB(6,442,450,944bytes)
DowngradeHighPriorityMessagesEnabled:False
ProtocolSettings:{}
RecipientLimits:Unlimited
ImListMigrationCompleted:False
IsResource:False
IsLinked:False
IsShared:False
IsRootPublicFolderMailbox:False
LinkedMasterAccount:
ResetPasswordOnNextLogon:False
ResourceCapacity:
ResourceCustom:{}
ResourceType:
RoomMailboxAccountEnabled:
SamAccountName:Oliver
SCLDeleteThreshold:
SCLDeleteEnabled:
SCLRejectThreshold:
SCLRejectEnabled:
SCLQuarantineThreshold:
SCLQuarantineEnabled:
SCLJunkThreshold:
SCLJunkEnabled:
AntispamBypassEnabled:False
ServerLegacyDN:/o=ContosoOrg/ou=Exchange
AdministrativeGroup
(FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=NYC-EX1
ServerName:ex1
UseDatabaseQuotaDefaults:True
IssueWarningQuota:Unlimited
RulesQuota:256KB(262,144bytes)
Office:
UserPrincipalName:Oliver@contoso.com
UMEnabled:False
MaxSafeSenders:
MaxBlockedSenders:
NetID:
ReconciliationId:
WindowsLiveID:
MicrosoftOnlineServicesID:
ThrottlingPolicy:
RoleAssignmentPolicy:DefaultRoleAssignmentPolicy
DefaultPublicFolderMailbox:
EffectivePublicFolderMailbox:
SharingPolicy:DefaultSharingPolicy
RemoteAccountPolicy:
MailboxPlan:
ArchiveDatabase:
ArchiveGuid:00000000-0000-0000-0000-000000000000
ArchiveName:{}
JournalArchiveAddress:
ArchiveQuota:100GB(107,374,182,400bytes)
ArchiveWarningQuota:90GB(96,636,764,160bytes)
ArchiveDomain:
ArchiveStatus:None
ArchiveState:None
DisabledMailboxLocations:False
RemoteRecipientType:None
DisabledArchiveDatabase:
DisabledArchiveGuid:00000000-0000-0000-0000-000000000000
QueryBaseDN:
QueryBaseDNRestrictionEnabled:False
MailboxMoveTargetMDB:
MailboxMoveSourceMDB:
MailboxMoveFlags:None
MailboxMoveRemoteHostName:
MailboxMoveBatchName:
MailboxMoveStatus:None
MailboxRelease:
ArchiveRelease:
IsPersonToPersonTextMessagingEnabled:False
IsMachineToPersonTextMessagingEnabled:False
UserSMimeCertificate:{}
UserCertificate:{}
CalendarVersionStoreDisabled:False
ImmutableId:
PersistedCapabilities:{}
SKUAssigned:
AuditEnabled:False
AuditLogAgeLimit:90.00:00:00
AuditAdmin:{Update,Move,MoveToDeletedItems,
SoftDelete,HardDelete,FolderBind,
SendAs,SendOnBehalf,Create}
AuditDelegate:{Update,SoftDelete,HardDelete,
SendAs,Create}
AuditOwner:{}
WhenMailboxCreated:3/20/201611:49:39PM
SourceAnchor:
UsageLocation:
IsSoftDeletedByRemove:False
IsSoftDeletedByDisable:False
IsInactiveMailbox:False
IncludeInGarbageCollection:False
WhenSoftDeleted:
InPlaceHolds:{}
GeneratedOfflineAddressBooks:{}
AccountDisabled:False
StsRefreshTokensValidFrom:
Extensions:{}
HasPicture:False
HasSpokenName:False
AcceptMessagesOnlyFrom:{}
AcceptMessagesOnlyFromDLMembers:{}
AcceptMessagesOnlyFromSendersOrMembers:{}
AddressListMembership:{\Mailboxes(VLV),\AllMailboxes(VLV),
\AllRecipients(VLV),\DefaultGlobal
AddressList,\AllUsers}
Alias:Oliver
ArbitrationMailbox:
BypassModerationFromSendersOrMembers:{}
OrganizationalUnit:contoso.com/Sales
CustomAttribute1:
CustomAttribute10:
CustomAttribute11:
CustomAttribute12:
CustomAttribute13:
CustomAttribute14:
CustomAttribute15:
CustomAttribute2:
CustomAttribute3:
CustomAttribute4:
CustomAttribute5:
CustomAttribute6:
CustomAttribute7:
CustomAttribute8:
CustomAttribute9:
ExtensionCustomAttribute1:{}
ExtensionCustomAttribute2:{}
ExtensionCustomAttribute3:{}
ExtensionCustomAttribute4:{}
ExtensionCustomAttribute5:{}
DisplayName:OliverLee
EmailAddresses:{SMTP:Oliver@contoso.com}
GrantSendOnBehalfTo:{}
ExternalDirectoryObjectId:
HiddenFromAddressListsEnabled:False
LastExchangeChangedTime:
LegacyExchangeDN:/o=ContosoOrg/ou=Exchange
AdministrativeGroup
(FYDIBOHF23SPDLT)/cn=Recipients/cn=4ae68cb0a00d48769bd97945e13b3f43-OliverLee
MaxSendSize:Unlimited
MaxReceiveSize:Unlimited
ModeratedBy:{}
ModerationEnabled:False
PoliciesIncluded:{98dda7b4-7ba7-4bf3-8de3-
1cd7e78066aa,
{26491cfc-9e50-4857-861b-0cb8df22b5d7}}
PoliciesExcluded:{}
EmailAddressPolicyEnabled:True
PrimarySmtpAddress:Oliver@contoso.com
RecipientType:UserMailbox
RecipientTypeDetails:UserMailbox
RejectMessagesFrom:{}
RejectMessagesFromDLMembers:{}
RejectMessagesFromSendersOrMembers:{}
RequireSenderAuthenticationEnabled:False
SimpleDisplayName:
SendModerationNotifications:Always
UMDtmfMap:{emailAddress:654837,
lastNameFirstName:533654837,
firstNameLastName:654837533}
WindowsEmailAddress:Oliver@contoso.com
MailTip:
MailTipTranslations:{}
Identity:Contoso.com/Sales/OliverLee
IsValid:True
ExchangeVersion:0.20(15.0.0.0)
Name:OliverLee
DistinguishedName:CN=Oliver
Lee,OU=Sales,DC=Contoso,DC=com
Guid:b3578263-b81c-40be-91b8-721f21b99da2
ObjectCategory:Contoso.com/Configuration/Schema/Person
ObjectClass:{top,person,organizationalPerson,
user}
WhenChanged:3/20/201611:49:39PM
WhenCreated:10/21/201311:31:35PM
WhenChangedUTC:3/21/20166:49:39AM
WhenCreatedUTC:10/22/20136:31:35AM
OrganizationId:
Id:Contoso.com/Sales/OliverLee
OriginatingServer:DC1.Contoso.com
ObjectState:Unchanged
NotethatsomeofthepropertiesyouseeasaresultofaGet-cmdletcannotbeset
becausetheyaresystem-controlledpropertiesortheyaremanipulatedusingother
cmdlets,suchasExchangeGuidorDatabase.
Thethirdwaytoviewallofthepropertiesassociatedwithanobjectissimplytouse
theGet-Membercmdlet.HereisanexamplewheretheGet-Mailboxcmdletpipesits
outputtotheGet-Membercmdletandfiltersonlythemembersthatareproperties.
Becauseafulllistingwouldincludeafewpagesofinformationyoucaneasilylookup
yourselfandwillprovidelittlevaluetothisdiscussion,theoutputisonlyapartial
listing:
TypeName:Microsoft.Exchange.Data.Directory.Management.Mailbox
NameMemberTypeDefinition
------------------------
AcceptMessagesOnlyFromProperty
Microsoft.Exchange.Data.MultiValuedProperty[Microsoft.Exchange.Dat…
AcceptMessagesOnlyFromDLMembersProperty
Microsoft.Exchange.Data.MultiValuedProperty[Microsoft.Exchange.Dat…
AcceptMessagesOnlyFromSendersOrMembersProperty
Microsoft.Exchange.Data.MultiValuedProperty[Microsoft.Exchange.Dat…
AccountDisabledPropertyboolAccountDisabled
{get;set;}
AddressBookPolicyProperty
Microsoft.Exchange.Data.Directory.ADObjectIdAddressBookPolicy{ge
AddressListMembershipProperty
Microsoft.Exchange.Data.MultiValuedProperty[Microsoft.Exchange.Dat…
AdminDisplayVersionProperty
Microsoft.Exchange.Data.ServerVersionAdminDisplayVersion{get;}
AggregatedMailboxGuidsProperty
Microsoft.Exchange.Data.MultiValuedProperty[guid]AggregatedMailbo
AliasPropertystringAlias{get;set;}
AntispamBypassEnabledPropertyboolAntispamBypassEnabled
{get;set;}
ArbitrationMailboxProperty
Microsoft.Exchange.Data.Directory.ADObjectIdArbitrationMailbox{g
ArchiveDatabaseProperty
Microsoft.Exchange.Data.Directory.ADObjectIdArchiveDatabase{get;}
ArchiveDomainProperty
Microsoft.Exchange.Data.SmtpDomainArchiveDomain{get;set;}
ArchiveGuidPropertyguidArchiveGuid{get;}
ArchiveNameProperty
Microsoft.Exchange.Data.MultiValuedProperty[string]ArchiveName{g
ArchiveQuotaProperty
Microsoft.Exchange.Data.Unlimited[Microsoft.Exchange.Data.ByteQuan
ArchiveReleasePropertystringArchiveRelease{get;}
ArchiveStateProperty
Microsoft.Exchange.Data.Directory.Recipient.ArchiveStateArchiveSt
FormattingOutput
IfyoulookattheoutputoftheGet-MailboxcmdletshowninFigure5.1,youmightbe
temptedtothinkthattheoutputcapabilitiesofPowerShellarelimited,butthisisfar
fromthetruth.ThedefaultoutputoftheGet-Mailboxcmdletisaformattedtablewith
theName,Alias,ServerName,andProhibitSendQuotapropertiesascolumns.However,
youcanselectthepropertiesyouwantbymerelypipingtheoutputoftheGet-Mailbox
cmdlettoeithertheFormat-Table(FTforshort),Format-List(FLforshort),orSelect
cmdlet:
Get-Mailbox|FTName,ProhibitSendQuota,ProhibitSendReceiveQuota
Figure5.2showstheoutputoftheprecedingcommand.
Figure5.2Formattingoutputintoaformattedtable
TheoutputoftheGet-MailboxcmdletwasdirectedtotheFormat-TableorFTcmdlet;
theresultwascolumnsfortheName,ProhibitSendQuota,andProhibitSendReceiveQuota
limits.
Youmaybewonderinghowyoucanlearnallthepropertiesofanobject.Thedefault
outputoftheGet-Mailboxcmdlet,forexample,isprobablynotthemostusefulfor
yourorganization.WediscussgettinghelpinPowerShellandtheExchange
ManagementShelllaterinthischapter,buthereisasimpletricktoseeallthe
propertiesofanobject:justdirecttheoutputofaGet-cmdlettotheFormat-List(FLfor
short)cmdletinsteadofthedefaultFormat-Tablecmdlet.
W
henyoudirecttheoutputofacmdlet,suchasGet-MailboxtotheFormat-Listcmdlet,
y
ouwillseeallthepropertiesforthatobject.Figure5.3showsanexamplewherewe
havedirectedtheoutputofaGet-MailboxcmdlettotheFL(Format-List)cmdlet.You
w
illnoticeinFigure5.3thatthepropertiesfilledupmorethanonescreen.However,
y
ouwillfindthatoutputtingallthepropertiesofanobjectusingtheFormat-List
cmdletisveryusefulifyouneedtoknowspecificpropertynames.
Figure5.3
Formattingoutputtoaformattedlist
Thecommandweusedisasfollows:
Get-Mailbox"AlanSteiner"|Format-List
DirectingOutputtoOtherCmdlets
Y
ouhavealreadyseenacoupleofexampleswhereweusedthepipesymbol(|)to
directtheoutputofonecommandtobeusedasinputforthenextcommand,suchas
Get-Mailbox|Format-Table.YoucandothisbecausePowerShellcommandsacton
objects,notjusttext.Unlikewithothershellsorscriptinglanguages,youdon'thaveto
usestringcommandsorvariablestopassdatafromonecommandtoanother.The
resultisthatyoucanuseasinglelinetoperformaqueryandcomplextask
somethingthatmighthaverequiredhundredsoflinesofprogramminginthepast.
Oneofourfavoriteexamplesismakingspecificchangestoagroupofpeople's
mailboxes.Let'ssayyouneedtoensurethatallexecutivesinyourorganizationcan
sendandreceiveamessagethatisupto50MBinsizeratherthanthedefault10MB
towhichthesystemlimitstheuser.Earlierweshowedyouhowyoucouldgetthe
propertiesofthemailboxthatyouwereinterestedin,suchastheMaxSendSizeand
MaxReceiveSizeproperties.
First,let'susetheGet-DistributionGroupMembercmdlettoretrievethemembersofthe
Executivesdistributiongroup:
Get-DistributionGroupMember"Executives"
NameRecipientType
-----------------
ZainalArifinUserMailbox
SameerAthalyeUserMailbox
AdamBarrUserMailbox
AnnaBedecsUserMailbox
DanaBirkbyUserMailbox
TomaszBochenekUserMailbox
BryanBredehoeftUserMailbox
DerekBrownUserMailbox
RandyByrneUserMailbox
Rememberthatalthoughyouseethetextlistingofthegroupmembers,whatis
actuallyoutputareobjectsrepresentingeachofthemembers.
Itisimportanttonotethatwhilepipingtheoutputofonecmdletasinputfor
anothercmdletworksfrequently,itdoesnotworkallthetime.Pipinginputtoa
cmdletwillalwaysworkwhenthenounusedbythetwocmdletsisthesame,such
asthis:
Get-Mailbox-ServerEx1|Set-Mailbox-CustomAttribute1"Iamona
greatserver!"
Forcmdletsthatdonotsupportpipingbetweenthem,youcanusuallyuseatrick,
suchasusingtheforeachcmdlettoprocessthedata.
So,nowlet'spipetheoutputofthatcmdlettotheSet-Mailboxcmdletanddosomereal
work!Tochangethemaximumincomingandoutgoingmessagesizeforthemembers
oftheExecutivesgroup,youwouldtypethefollowingcommand:
Get-DistributionGroupMember"Executives"|Set-Mailbox
-MaxSendSize:50MB-MaxReceiveSize:50MB
-UseDatabaseRetentionDefaults:$False
NoticethattheSet-Mailboxcmdletdidnotrequireanyinputbecauseitwilltakeas
inputtheobjectsthatareoutputfromGet-DistributionGroupMember.Whenyourun
thesetwocommands,therewillbenooutputunlessyouhavespecifiedotheroptions.
ButyoucaneasilychecktheresultsbyrequestingthemembershipoftheExecutives
group,pipingthattotheGet-Mailboxcmdlet,andthenpipingthatoutputtothe
Format-Tablecmdlet,asshownhere:
NameMaxSendSizeMaxReceiveSize
-----------------------------
ZainalArifin50MB(52,428,800bytes)50MB(52,428,800bytes)
SameerAthalye50MB(52,428,800bytes)50MB(52,428,800bytes)
AdamBarr50MB(52,428,800bytes)50MB(52,428,800bytes)
AnnaBedecs50MB(52,428,800bytes)50MB(52,428,800bytes)
DanaBirkby50MB(52,428,800bytes)50MB(52,428,800bytes)
TomaszBochenek50MB(52,428,800bytes)50MB(52,428,800bytes)
BryanBredehoeft50MB(52,428,800bytes)50MB(52,428,800bytes)
DerekBrown50MB(52,428,800bytes)50MB(52,428,800bytes)
RandyByrne50MB(52,428,800bytes)50MB(52,428,800bytes)
Prettycool,eh?AfterjustafewminutesworkingwithPowerShellandtheEMS
extensions,wehopethatyouwillbeaspleasedwiththeease-of-useasweare.
PowerShellv3,v4,andv5
ExchangeServer2016usesPowerShellversion4(v4).ExchangeServer2013uses
PowerShellv3,whereasExchangeServer2010usedPowerShellv2andExchange
Server2007usedthepowerofPowerShellv1(orv2withExchangeServer2007SP2).
PowerShellv3includessomeamazingfeatures,likeremotingandeventing,which
enableittomanageanyITenvironmentevenbetterthanbefore.PowerShellv4,
standardonWindowsServer2012R2,addedDesiredStateConfiguration(DSC)anda
fewminorenhancements,butnotasmanyasv3.PowerShellv5,standardon
WindowsServer2016,addsmoreprogramming-likepowertoPowerShell,including
theabilitytodevelopbyusingclasseslikeobject-orientedprogramminglanguages.
RemotePowerShell
ExchangeServer2010andlaterdoesn'tuselocalPowerShellanymorebutrelieson
remotePowerShelltomanageitsroles.
Youwon'tseeanydifferencebetweenusingremoteorlocalshelltomanageExchange
Server.WhenyouclicktheEMSshortcut,WindowsPowerShellconnectstothe
closestExchangeserverusingWindowsRemoteManagement,performsan
authenticationcheck,andthencreatesaremotesessionforyoutouse.It'sthanksto
RemotePowerShellthatRole-BasedAccessControl(RBAC)canbefullyimplemented.
(FormoreinformationaboutRBAC,refertoChapter12,“ManagementPermissions
andRole-BasedAccessControl.”)
AnotheradvantageofintroducingRemotePowerShellistheabilitytolaunchtheshell
andmanageyourExchangeserversbyconnectingtoanExchangeserverwithout
requiringyoutoinstallthemanagementtoolslocallyonthatmachine;thiswasa
requirementbackinExchangeServer2007.
TipsandTricks
Inthissection,wediscusshandlingdataoutput,sendingoutputtoafile,sending
emailfromthePowerShell,anddebugging.
ManagingOutput
Let'sstartbyexploringhowtomassageormanipulatetheoutputofPowerShelland
EMScmdlets.Inthissection,wearegoingtofocusontheGet-MailboxStatistics
cmdlet;weareusingthiscmdletinourexamplebecauseinouropinionitsdefault
outputformatistheleastdesirableofalltheEMScmdlets.Whoeversetthedefaults
forthiscmdlet'soutputclearlyexpectedtheusertobeproficientatmanipulatingthe
output.
IfyouarecomingfromanExchangeServer2007environment,youmaybeusedto
runningtheGet-MailboxStatisticscmdletwithnoparameters.ExchangeServer2013
andlaterexpectsyoutospecifyeitheramailboxname,servername(-Server),or
mailboxdatabase(-Database)inthecommandline.HereisanexampleoftheGet-
MailboxStatisticscmdlet'soutputspecifyingamailboxserver:
Get-MailboxStatistics-ServerEx1
DisplayNameItemCountStorageLimitStatusLastLogonTime
---------------------------------------------------
JohnPark7BelowLimit
SystemMailbox{21db5e471BelowLimit
ChuckSwanson6BelowLimit
OnlineArchive-Tyler0NoChecking
MicrosoftExchange1BelowLimit
MicrosoftExchangeApp1BelowLimit
GillianKatz7BelowLimit
Administrator2BelowLimit8/9/20161:24:44AM
JimMcBee6BelowLimit
DiscoverySearchMailbox1BelowLimit
ClaytonK.Kamiya27NoChecking7/24/201612:17:44
AM
MicrosoftExchangeApp1BelowLimit
TylerM.Swartz6BelowLimit
JulieR.Samante6BelowLimit
MichaelG.Brown9BelowLimit
JonathanLong6BelowLimit
SystemMailbox{94c229761BelowLimit
KevinWile8BelowLimit
JohnRodriguez6BelowLimit
AnitaVelez6BelowLimit
Obviously,thisoutputisnotveryusefulformostofus.
OutputtoListsorTables
Keepinmindthatinternally,whenPowerShellisretrievingdata,everythingistreated
asanobject.However,whenyouaredisplayingsomethingtothescreen,youseejust
thetextualinformation.Mostcmdletsoutputdatatoaformattedtable,butyoucan
alsooutputthedatatoaformattedlistusingtheFormat-ListcmdletorFLalias.Here
isanexampleofpipingasinglemailbox'sstatisticstotheFormat-Listcmdlet:
[PS]C:\>Get-MailboxStatistics"ClaytonK.Kamiya"|Format-List
RunspaceId:3a8e6797-44a5-4c71-8a21-3022b379cb57
AssociatedItemCount:16
DeletedItemCount:0
DisconnectDate:
DisplayName:ClaytonK.Kamiya
ItemCount:27
LastLoggedOnUserAccount:contoso\Clayton.Kamiya
LastLogoffTime:7/24/20169:54:13AM
LastLogonTime:7/24/201612:17:44AM
LegacyDN:/O=Contoso/
OU=EXCHANGEADMINISTRATIVEGROUP(FYDIBOHF23SPDLT)/
CN=RECIPIENTS/CN=CLAYTONK.KAMIYA
MailboxGuid:a9e676e9-f67b-4206-817e-ad07eca52659
ObjectClass:Mailbox
StorageLimitStatus:NoChecking
TotalDeletedItemSize:0B(0bytes)
TotalItemSize:949.5KB(972,245bytes)
Database:MBX1
ServerName:NYC-EX1
DatabaseName:MBX1
MoveHistory:
IsQuarantined:False
IsArchiveMailbox:False
Identity:a9e676e9-f67b-4206-817e-ad07eca52659
MapiIdentity:a9e676e9-f67b-4206-817e-ad07eca52659
OriginatingServer:NYC-EX1.contoso.com
IsValid:True
ThisexampleshowsyouallthepropertiesthatcanbedisplayedviatheGet-
MailboxStatisticscmdlet.
ThefollowingarethedefaultresultsoffilteringthecommandthroughtheFormat-
TableorFTalias:
Get-MailboxStatistics"ClaytonK.Kamiya"|FT
DisplayNameItemCountStorageLimitStatusLastLogonTime
---------------------------------------------------
ClaytonKamiya1063BelowLimit8/9/20161:33:31PM
However,theFormat-TableandFormat-Listcmdletsallowyoutospecifywhich
propertiesyouwanttoseeintheoutputlist.Let'ssaythatyouwanttoseetheuser's
name,itemcount,andtotalitemsize.Here'sthecommandyouwoulduse:
Get-MailboxStatistics"ClaytonKamiya"|FTDisplayName,
ItemCount,TotalItemSize
DisplayNameItemCountTotalItemSize
---------------------------------
ClaytonK.Kamiya10634.00MB(4,190,207bytes)
Therewego—thatisabitmoreuseful.
SortingandGroupingOutput
Anyoutputcanalsobesortedbasedonanyofthepropertiesthatyouaregoingto
display.IfyouareusingtheFormat-Tablecommand,youcanalsogrouptheoutputby
properties.First,let'sgobackandlookattheoriginalexamplewhereweare
outputtingallthemailboxstatisticsforthelocalmailboxserver.Let'ssayweare
interestedinsortingbythemaximummailboxsize.Todoso,wecanpipetheoutput
ofGet-MailboxStatisticstotheSort-Objectcmdlet.Hereisanexample:
Get-Mailbox|Get-MailboxStatistics-ServerEx1|Sort-Object
TotalItemSize-Descending|Format-TableDisplayName,
ItemCountTotalItemsize
DisplayNameItemCountTotalItemSize
---------------------------------------
MikeBrown30622.92MB(24,030,192bytes)
ClaytonKamiya106321.34MB(22,376,612bytes
LawrenceCohen2221.3KB(226,596bytes)
OliverCohen271.75KB(73,469bytes)
BrianTirch250.00KB(51,200bytes)
EliasMereb650.00KB(51,200bytes)
ThisexampleusedthecommandSort-ObjectTotalItemSize-Descending,butwecould
alsohaveusedthe-Ascendingoption.Thereareseveralfarmoresophisticated
examplesinPowerShellhelp.
WecantakethisastepfurtherwhenusingtheFormat-Tablecmdletbyaddinga-
GroupByoption.Hereisanexamplewhereweareexportingthisdataandgroupingit
usingtheStorageLimitStatusproperty:
Get-Mailbox|Get-MailboxStatistics|Sort-ObjectTotalItemSize
-Descending|Format-TableDisplayName,ItemCount,TotalItemSize
-GroupByStorageLimitStatus
StorageLimitStatus:MailboxDisabled
DisplayNameItemCountTotalItemSize
-----------------------------------
MikeBrown31421.25MB(21,763bytes)
StorageLimitStatus:ProhibitSend
DisplayNameItemCountTotalItemSize
-----------------------------------
ClaytonKamiya10665.02MB(5,145bytes)
StorageLimitStatus:BelowLimit
DisplayNameItemCountTotalItemSize
-----------------------------------
LawrenceCohen81.09MB(1,119bytes)
OliverCohen6286B(286bytes)
OrenPinto6286B(286bytes)
OutputtoFile
Outputtingdatatothescreenisgreat,butitdoesnothelpyouwithreports.Youcan
alsooutputdatatoCSVandXMLfiles.Twocmdletsmakethiseasytodo:
Export-CsvexportsthedatatoaCSVfile.
Export-ClixmlexportsthedatatoanXMLfile.
Simplydirecttheoutputyouwantsenttoafile,andthesecmdletswilltakecareof
convertingthedatatotheproperformat.Let'stakeourearlierexamplewherewewant
areportofallmailboxesandtheirProhibitSendandProhibitSendAndReceivelimits.
Wecan'tusetheFormat-Tablecmdletinthisinstance;wehavetousetheSelect-
ObjectorSelectcmdlettospecifytheoutputbecausewewillbedirectingthisoutput
toanothercmdlet.HereisanexampleoftheGet-Mailboxcmdletwhenusingthe
Selectcommand:
Get-Mailbox|SelectName,ProhibitSendQuota,ProhibitSendReceiveQuota
Theoutputofthiscmdletisshownhere:
NameProhibitSendQuotaProhibitSendReceiveQuota
---------------------------------------------
OrenPintounlimitedunlimited
ZacharyElfassyunlimitedunlimited
ZoeElfassyunlimitedunlimited
SavannahElfassyunlimitedunlimited
MikeBrownunlimitedunlimited
DanHolmeunlimitedunlimited
RussZimmerunlimitedunlimited
TylerSwartzunlimitedunlimited
ChrisPfennigunlimitedunlimited
TodirectthisoutputtotheC:\report.csvfile,wesimplypipeittotheExport-Csv
cmdletasshownhere:
Get-Mailbox|SelectName,ProhibitSendQuota,ProhibitSendReceiveQuota|
Export-Csvc:\report.csv
IfyouwanttoexportthereporttoanXMLfile,simplyusetheExport-Clixmlcmdlet
insteadofExport-Csv.
Finally,justaswhenworkingwiththeDOSprompt,youcanredirectoutputofa
commandtoatextfile.TosendtheoutputoftheGet-Mailboxtothefile
c:\mailboxes.txt,youwouldtypethis:
Get-Mailbox>c:\mailboxes.txt
PuttingItAllTogether
Let'sconsideronemoreexampleofGet-MailboxStatisticspiping.Hopefully,thiswill
beanexampleyoucanuseinthefuture.Wewillcreateareportofthemailbox
statisticsusingtheGet-MailboxStatisticscmdlet.Thenwewillexportthemailbox
statisticsforaspecificserver.WewilllimittheoutputbyusingtheWhere-Object
command,choosethepropertiestooutputusingtheSelectcommand,andfinallypipe
thatoutputtotheExport-Csvcmdlet:
Get-MailboxStatistics-ServerEx1|Sort-ObjectTotalItemSize
-Descending|Select-ObjectDisplayName,ItemCount,TotalItemSize
|Export-CSVc:\StorStats.csv
Ifyouarethinkingthatthislooksabitstickytoimplement,youareprobablyright.
Gettingthissyntaxtogethertookthebetterpartofanafternoon,andarguably,you
shouldbeabletoperformcommontaskslikeexportingmailboxstoragestatistics
fromtheGUI.However,onthebrightside,nowwehavethecommandweneedtorun
eachtimewewanttogeneratethisreport;further,theknowledgetodothisparticular
typeofreportwithinPowerShellcarriesoverintomanyothertasks.
RunningScripts
PowerShellscriptsareeasytobuildandtorun,butthereareafewthingsyouneedto
knowtowriteyourownscriptsand/ortoreadothers'scripts.Thoughthisiscertainly
notacomprehensivebriefingonPowerShellscriptingorvariables,wehopeitwillgive
youaquickintroductiontoafewthingsthatwefoundinterestingandhelpfulwhen
wegotstarted.
ThefileextensionforaPowerShellscriptis.PS1.
Youcan'trunthescriptfromthesourcedirectory.Youactuallyhavetoprefacethe
scriptnamewiththepath.
Saywehaveascriptnamedc:\scripts\Report.ps1.Wecan'tjustchangeittothe
c:\reportsdirectoryandrunreport.ps1,sowewouldhavetotype.\report.ps1.
PowerShell(andscripts)usevariablesprecededwitha$symbol.Youcanseta
variablewithinascriptorjustbytypingitatthecommandline.ThePowerShell
variableisanobject,soyoucanassociateanobjectoranentirelistofobjectswith
asinglevariable.
Forexample,thefollowingcommandassociatesthevariable$Zachwiththeentire
objectfortheuserZacharyElfassy:
$Zach=Get-User"ZacharyElfassy"
Wecouldthenusejustspecificpropertiesofthatobject.Forexample,ifwewant
tojustoutputZachary'sdisplayname,wecouldtypethis:
$Zach.DisplayName
Evenbetter,wecouldthensetZachary'sdisplaynametoavariablecalled
$ZachDisplayNamebydoingthis:
$ZachDisplayName=$Zach.DisplayName
Wecansetasinglevariabletoalotofobjectsandthenmanipulatethemallat
onceviaascript.Hereisanexamplewherewesetthe$AllUsersvariabletoallthe
usersinthedomain:
$AllUsers=Get-Users
Nowherearesomeinterestingthingswecandowiththatvariable.Wecanobtain
acountofhowmanyobjectsitcontains:
$AllUsers.Count
944
Further,eachofthe944objectscontainedinthe$AllUsersvariableistreatedas
aniteminanarray,sowecanretrieveindividualones,suchasobjectnumber
939:
AllUsers[939]|FLSamAccountName,DisplayName,WindowsEmailAddress,Phone,
Office
SamAccountName:Andrew.Roberts
DisplayName:AndrewRoberts(Operations)
WindowsEmailAddress:andrew.roberts@Contoso.com
Phone:011-77-8484-4844
Office:Tokyo
SendingEmailfromtheExchangeManagementShell
Sometimesthesmallestfeaturesareamongthebestfeatures.Inthisparticular
case,wearetalkingaboutaPowerShellcmdletcalledSend-MailMessagethatallows
youtoeasilysendanemailfromwithinPowerShell.
Forexample,ifyouwanttosendanemailmessagefromthealias
SystemMessages@Contoso.comtoHelpDesk@Contoso.com,itwouldlooksomething
likethis:
Send-MailMessage-ToHelpDesk@contoso.com-Subject"Thisisatest
message"-FromSystemMessages@contoso.com-BodyAsHtml-Body"This
isthebodyofthemessage"-SmtpServerEx1
NotethatyoumustspecifyanSMTPserverthatwilleitheracceptthisconnection
orrelaythemessageforyoubyusingthe-SmtpServerparameter,asshowninthe
precedingexample.
RunningScheduledPowerShellScripts
Frequently,PowerShelladvocateswillextolthevirtuesofcreatingsimplePowerShell
scripts(PS1files)thatyoucanscheduletoperformroutinetasks.Therearequitea
fewarticlesandnewsgrouppostingsabouthoweasythisistodo.However,running
thePS1scriptusingascheduledtaskisabittrickier.Youcan'tjustrunaPS1script
fromtheDOScommandpromptortheTaskScheduler.BeforeaPS1scriptcanberun,
PowerShellhastoberun,theExchangeManagementExtensionshavetobeloaded,
andthenthescriptorcommandcanbecalled.
ThePowerShellexecutable(powershell.exe)isfoundinthe
C:\Windows\System32\WindowsPowerShell\v1.0\folder.PowerShellneedstobetold
fromwhichExchangeserveritwillneedtoimporttheExchangeServersession(using
theImport-PSSessioncmdlet).
Finally,weneedthenameandthelocationofthescriptwearegoingtorun,solet's
saywearegoingtoexecutethiscommand:
Get-Mailbox|SelectName,ProhibitSendQuota,ProhibitSendReceiveQuota
|Export-Csvc:\report2.csv
Ratherthanpastingallthisintothejobscheduler,wecancreateasimplebatchfile
thatlookslikethis:
@echooff
cls
C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe
-command"&{c:\scripts\Report1.ps1}"
NowweneedtocreatetheReport1.ps1scriptthatwillrunoncePowerShellisopened:
$Session=New-PSSession-ConfigurationNameMicrosoft.Exchange
-ConnectionUrihttp://NYC-EX1/PowerShell/
Import-PSSession$session
Get-Mailbox|SelectName,ProhibitSendQuota,ProhibitSendReceiveQuota
|Export-Csvc:\report2.csv
DebuggingandTroubleshootingfromPowerShell
PowerShellhasalotoffeaturesthatwillhelpyoutestyourscriptsandone-line
commands.
Set-PSDebugThecmdletSet-PSDebugisdesignedtoallowyoutodebugPowerShell
scripts.Tousethis,addthiscommandtoyourscript:Set-PSDebug-Trace1.This
willallowyoutoexamineeachstepofthescript.Youcanenablemoredetailed
traceloggingbysettingthetracelevelto2:Set-PSDebug-Trace2.Ifyouaddthe-
Stepoptiontothecommandline,youwillbepromptedforeachstep.Toturnoff
tracelogging,usethiscommand:Set-PSDebug-Off.
-WhatIfMostcmdletssupportthe-WhatIfoption.Ifyouaddthe-WhatIfoptionto
thecommandline,thecmdletwillrunandtellyouwhatwillhappenwithout
actuallyperformingthetask.Thisisusefulforcheckingtomakesurethe
commandyouareabouttorunwillreallydowhatyouwant.
-ConfirmMostcmdletssupportthe-Confirmoptionandmanycmdletsthat
performmoredestructivetypesofoptions,suchasthosethatbeginwithRemove-,
Move-,Dismount-,Disable-,andClear-,havethe-Confirmoptionturnedonby
default.Ifthisisturnedon,thecmdletwillnotproceeduntilyouhaveconfirmedit
isOKtoproceed.Forcmdletsthatconfirmbydefault,youcanincludethe-
Confirm:$Falseoptionifyoudonotwanttobeprompted.
-ValidateOnlyThe-ValidateOnlyoptionisabitmorepowerfulthan-WhatIf.The-
ValidateOnlyoptionwillperformallthestepsthecmdletisspecifyingwithout
actuallymakinganychangesandthenwillsummarizewhatwouldhavebeendone
  and
if
this
would
have
caused
any
problems.
*
GettingHelp
WehaveshownyouafewsimpleyetpowerfulexamplesofhowtousePowerShelland
theEMS.OnceyoudiginandstartusingtheEMS,youwillneedsomereferencesto
helpyoufigureoutallthesyntaxandpropertiesofeachofthecmdlets.
InformationisavailableonthecmdletsfromwithinPowerShell.Foragoodstarting
point,youcanjusttypethehelpcommandandthiswillgiveyouagoodoverviewof
usingPowerShellandhowtogetmorehelp.Thefollowinglistsummarizescommon
methodsofgettinghelponPowerShellandExchangeManagementShellcmdlets:
HelpProvidesgenericPowerShellhelpinformation.
help*Keyword*Listsallcmdletsthatcontainthekeyword.Forexample,ifyou
wanttofindallPowerShellv2cmdletsthatworkwiththeWindowseventlog,you
cantypehelp*EventLog*.TofindallExchangeServercmdletsthatworkwith
mailboxes,typeGet-ExCommand*mailbox*.Youcannotusethehelpaliastolocate
allavailableExchangeServercmdlets.
Get-Command*Keyword*ListsallPowerShellcmdletsandfiles(suchashelpfiles)
thatcontainthekeyword.
Get-CommandListsallcmdlets(includingallPowerShellextensionscurrently
loaded,suchastheEMScmdlets).
Get-ExCommandListsallExchangeServercmdlets.
Get-PSCommandListsallPowerShellcmdlets.
HelpCmdletorGet-HelpCmdletListsonlinehelpforthespecifiedcmdletand
pausesbetweeneachscreen.Providesmultipleviewsoftheonlinehelp(suchas
detailed,full,examples,anddefault).InFigure5.4,thehelpinformationfor
pipelininginPowerShellisdisplayed.
Cmdlet-?Listsonlinehelpforthespecifiedcmdlet.
Figure5.4OnlinehelpforpipeliningusingtheExchangeManagementShell
WhenworkingwithhelpwithinPowerShell,helptopicsaredisplayedbasedonthe
viewofhelpthatyourequest.Inotherwords,youcan'tjusttypeGet-Helpandsee
everythingaboutthatcmdlet.TheGet-Helpcmdletincludesfourpossibleviewsofhelp
foreachcmdlet.Thefollowinglistexplainsthefourprimaryviewsalongwiththe
parametersview:
DefaultViewListstheminimalinformationtodescribethefunctionofthe
cmdletandshowsthesyntaxofthecmdlet
ExampleViewIncludesasynopsisofthecmdletandsomeexamplesofitsusage
DetailedViewShowsmoredetailsonacmdlet,includingparametersand
parameterdescriptions
FullViewShowsallthedetailsavailableonacmdlet,includingasynopsisofthe
cmdlet,adetaileddescriptionofthecmdlet,parameterdescriptions,parameter
metadata,andexamples
ParametersViewAllowsyoutospecifyaparameterandgethelpontheusageof
justthatparticularparameter
TheFulloptionforGet-Helpincludesinitsoutputeachparameter'smetadata.The
metadataisshowninthefollowinglist:
Required?Istheparameterrequired?Thisvalueiseithertrueorfalse.
Position?Specifiesthepositionoftheparameter.Ifthepositionisnamed,the
parameternamehastobeincludedintheparameterlist.Mostparametersare
named.However,the-Identityparameteris1,whichmeansthatitisalwaysthe
firstparameterandthe-Identitytagisnotrequired.
DefaultvalueSpecifieswhatavaluewillbeforaparameterifnothingelseis
specified.Formostparametersthisisblank.
Acceptpipelineinput?Specifiesiftheparameterwillacceptinputthatispipedin
fromanothercmdlet.Thevalueiseithertrueorfalse.
Acceptwildcardcharacters?Specifiesiftheparameteracceptswildcard
characters,suchastheasteriskorquestionmarkcharacter.Thisvalueiseither
trueorfalse.
Stillnotclearaboutwhateachviewgivesyou?PerhapsTable5.3canshedsomemore
lightontheissue.Thistableshowsyouthevarioussectionsthatareoutputwhen
usingeachviewoption.
Table5.3InformationOutputforEachGet-HelpView
DefaultView ExampleView DetailedView FullView
Synopsis
Detaileddescription
Syntax
Parameters
Parametermetadata
Inputtype
Returntype
Errors
Notes
Example
Tousetheseparameters,youwouldusetheGet-Helpcmdletandtheviewoption.For
example,toseetheexampleviewfortheGet-Mailbox,youwouldtypethefollowing:
Get-HelpGet-Mailbox-Example
Wefeelitisimportantforadministratorstounderstandtheavailableonlinehelp
options,solet'slookatacouplemoredetailedexamplesfortheGet-MailboxStatistics
cmdlet.Wearepickingacmdlet(Get-MailboxStatistics)thatwefeelispretty
representativeoftheEMScmdletsbutthatalsodoesnothaveahugeamountofhelp
information.First,let'slookatthedefaultview:
Get-HelpGet-MailboxStatistics
NAME
Get-MailboxStatistics
SYNOPSIS
Thiscmdletisavailableinon-premisesExchangeServer2016andinthe
cloud-basedservice.Someparametersand
settingsmaybeexclusivetooneenvironmentortheother.
UsetheGet-MailboxStatisticscmdlettoobtaininformationaboutamailbox,
suchasthesizeofthemailbox,the
numberofmessagesitcontains,andthelasttimeitwasaccessed.In
addition,youcangetthemovehistoryora
movereportofacompletedmoverequest.
ForinformationabouttheparametersetsintheSyntaxsectionbelow,see
Syntax.
SYNTAX
Get-MailboxStatistics-Identity<GeneralMailboxOrMailUserIdParameter>[-
Archive<SwitchParameter>][-CopyOnServer
<ServerIdParameter>][-DomainController<Fqdn>][-IncludeMoveHistory
<SwitchParameter>][-IncludeMoveReport
<SwitchParameter>][-IncludeQuarantineDetails<SwitchParameter>][-
NoADLookup<SwitchParameter>]
[<CommonParameters>]
Get-MailboxStatistics[-AuditLog<SwitchParameter>][-Identity
<GeneralMailboxOrMailUserIdParameter>]
[-DomainController<Fqdn>][-IncludeMoveHistory<SwitchParameter>][-
IncludeMoveReport<SwitchParameter>]
[-IncludeQuarantineDetails<SwitchParameter>][-NoADLookup
<SwitchParameter>][<CommonParameters>]
Get-MailboxStatistics-Database<DatabaseIdParameter>[-CopyOnServer
<ServerIdParameter>][-Filter<String>]
[-StoreMailboxIdentity<StoreMailboxIdParameter>][-DomainController
<Fqdn>][-IncludeMoveHistory
<SwitchParameter>][-IncludeMoveReport<SwitchParameter>][-
IncludeQuarantineDetails<SwitchParameter>]
[-NoADLookup<SwitchParameter>][<CommonParameters>]
Get-MailboxStatistics-Server<ServerIdParameter>[-Filter<String>][-
IncludePassive<SwitchParameter>]
[-DomainController<Fqdn>][-IncludeMoveHistory<SwitchParameter>][-
IncludeMoveReport<SwitchParameter>]
[-IncludeQuarantineDetails<SwitchParameter>][-NoADLookup
<SwitchParameter>][<CommonParameters>]
DESCRIPTION
OnMailboxserversonly,youcanusetheGet-MailboxStatisticscmdlet
withoutparameters.Inthiscase,thecmdlet
returnsthestatisticsforallmailboxesonalldatabasesonthelocal
server.
TheGet-MailboxStatisticscmdletrequiresatleastoneofthefollowing
parameterstocompletesuccessfully:
Server,Database,orIdentity.
YoucanusetheGet-MailboxStatisticscmdlettoreturndetailedmove
historyandamovereportforcompletedmove
requeststotroubleshootamoverequest.Toviewthemovehistory,youmust
passthiscmdletasanobject.Move
historiesareretainedinthemailboxdatabaseandarenumbered
incrementally,andthelastexecutedmoverequest
isalwaysnumbered0.Formoreinformation,see"Example7,""Example8,"
and"Example9"inthistopic.
Youcanonlyseemovereportsandmovehistoryforcompletedmoverequests.
Youneedtobeassignedpermissionsbeforeyoucanrunthiscmdlet.
Althoughallparametersforthiscmdletare
listedinthistopic,youmaynothaveaccesstosomeparametersifthey're
notincludedinthepermissions
assignedtoyou.Toseewhatpermissionsyouneed,seethe"Recipient
ProvisioningPermissions"sectioninthe
RecipientsPermissionstopic.
RELATEDLINKS
OnlineVersionhttp://technet.microsoft.com/EN-US/library/cec76f70-941f-
4bc9-b949-35dcc7671146(EXCHG.160).aspx
REMARKS
Toseetheexamples,type:"get-helpGet-MailboxStatistics-examples".
Formoreinformation,type:"get-helpGet-MailboxStatistics-detailed".
Fortechnicalinformation,type:"get-helpGet-MailboxStatistics-full".
Foronlinehelp,type:"get-helpGet-MailboxStatistics-online"
Thedefaultview(asyoucouldhavepredictedfromTable5.3)includesthesynopsis,
syntax,anddetaileddescriptionsections.Let'schangeourapproachandlookatthe
exampleview:
[PS]C:\>Get-HelpGet-MailboxStatistics-Examples
NAME
Get-MailboxStatistics
SYNOPSIS
Thiscmdletisavailableinon-premisesExchangeServer2016andinthe
cloud-basedservice.Someparametersand
settingsmaybeexclusivetooneenvironmentortheother.
UsetheGet-MailboxStatisticscmdlettoobtaininformationaboutamailbox,
suchasthesizeofthemailbox,the
numberofmessagesitcontains,andthelasttimeitwasaccessed.In
addition,youcangetthemovehistoryora
movereportofacompletedmoverequest.
ForinformationabouttheparametersetsintheSyntaxsectionbelow,see
Syntax.
--------------------------Example1--------------------------
Thisexampleretrievesthemailboxstatisticsforthemailboxoftheuser
AylaKolbyusingitsassociatedalias
AylaKol.
Get-MailboxStatistics-IdentityAylaKol
--------------------------Example2--------------------------
Thisexampleretrievesthemailboxstatisticsforallmailboxesonthe
serverMailboxServer01.
Get-MailboxStatistics-ServerMailboxServer01
--------------------------Example3--------------------------
Thisexampleretrievesthemailboxstatisticsforthespecifiedmailbox.
Get-MailboxStatistics-Identitycontoso\chris
--------------------------Example4--------------------------
Thisexampleretrievesthemailboxstatisticsforallmailboxesinthe
specifiedmailboxdatabase.
Get-MailboxStatistics-Database"MailboxDatabase"
--------------------------Example5--------------------------
Thisexampleretrievesthemailboxstatisticsforthedisconnected
mailboxesforallmailboxdatabasesinthe
organization.The-neoperatormeansnotequal.
Get-MailboxDatabase|Get-MailboxStatistics-Filter'DisconnectDate-ne
$null'
--------------------------Example6--------------------------
Thisexampleretrievesthemailboxstatisticsforasingledisconnected
mailbox.Thevalueforthe
StoreMailboxIdentityparameteristhemailboxGUIDofthedisconnected
mailbox.YoucanalsousetheLegacyDN.
Get-MailboxStatistics-Database"MailboxDatabase"-StoreMailboxIdentity
3b475034-303d-49b2-9403-ae022b43742d
--------------------------Example7--------------------------
Thisexamplereturnsthesummarymovehistoryforthecompletedmove
requestforAylaKol'smailbox.Ifyoudon't
pipelinetheoutputtotheFormat-Listcmdlet,themovehistorydoesn't
display.
Get-MailboxStatistics-IdentityAylaKol-IncludeMoveHistory|Format-List
--------------------------Example8--------------------------
Thisexamplereturnsthedetailedmovehistoryforthecompletedmove
requestforAylaKol'smailbox.Thisexample
usesatemporaryvariabletostorethemailboxstatisticsobject.Ifthe
mailboxhasbeenmovedmultipletimes,
therearemultiplemovereports.Thelastmovereportisalways
MoveReport[0].
$temp=Get-MailboxStatistics-IdentityAylaKol-IncludeMoveHistory
$temp.MoveHistory[0]
--------------------------Example9--------------------------
Thisexamplereturnsthedetailedmovehistoryandaverbosedetailedmove
reportforAylaKol'smailbox.This
exampleusesatemporaryvariabletostorethemoverequeststatistics
objectandoutputsthemovereporttoaCSV
file.
$temp=Get-MailboxStatistics-IdentityAylaKol-IncludeMoveReport
$temp.MoveHistory[0]|Export-CSVC:\MoveReport_AylaKol.csv
Theexampleviewdoesnothaveasmuchdata,butalotoftechieslearnbylookingat
examples,sowefindthisviewparticularlyuseful.Next,let'slookatthedetailedview;
becausethisviewincludestheparameters,itwillhavequiteabitmoreinformation:
[PS]C:\>Get-HelpGet-MailboxStatistics-Detailed
NAME
Get-MailboxStatistics
SYNOPSIS
Thiscmdletisavailableinon-premisesExchangeServer2016andinthe
cloud-basedservice.Someparametersand
settingsmaybeexclusivetooneenvironmentortheother.
UsetheGet-MailboxStatisticscmdlettoobtaininformationaboutamailbox,
suchasthesizeofthemailbox,the
numberofmessagesitcontains,andthelasttimeitwasaccessed.In
addition,youcangetthemovehistoryora
movereportofacompletedmoverequest.
ForinformationabouttheparametersetsintheSyntaxsectionbelow,see
Syntax.
SYNTAX
Get-MailboxStatistics-Identity<GeneralMailboxOrMailUserIdParameter>[-
Archive<SwitchParameter>][-CopyOnServer
<ServerIdParameter>][-DomainController<Fqdn>][-IncludeMoveHistory
<SwitchParameter>][-IncludeMoveReport
<SwitchParameter>][-IncludeQuarantineDetails<SwitchParameter>][-
NoADLookup<SwitchParameter>]
[<CommonParameters>]
Get-MailboxStatistics[-AuditLog<SwitchParameter>][-Identity
<GeneralMailboxOrMailUserIdParameter>]
[-DomainController<Fqdn>][-IncludeMoveHistory<SwitchParameter>][-
IncludeMoveReport<SwitchParameter>]
[-IncludeQuarantineDetails<SwitchParameter>][-NoADLookup
<SwitchParameter>][<CommonParameters>]
Get-MailboxStatistics-Database<DatabaseIdParameter>[-CopyOnServer
<ServerIdParameter>][-Filter<String>]
[-StoreMailboxIdentity<StoreMailboxIdParameter>][-DomainController
<Fqdn>][-IncludeMoveHistory
<SwitchParameter>][-IncludeMoveReport<SwitchParameter>][-
IncludeQuarantineDetails<SwitchParameter>]
[-NoADLookup<SwitchParameter>][<CommonParameters>]
Get-MailboxStatistics-Server<ServerIdParameter>[-Filter<String>][-
IncludePassive<SwitchParameter>]
[-DomainController<Fqdn>][-IncludeMoveHistory<SwitchParameter>][-
IncludeMoveReport<SwitchParameter>]
[-IncludeQuarantineDetails<SwitchParameter>][-NoADLookup
<SwitchParameter>][<CommonParameters>]
DESCRIPTION
OnMailboxserversonly,youcanusetheGet-MailboxStatisticscmdlet
withoutparameters.Inthiscase,thecmdlet
returnsthestatisticsforallmailboxesonalldatabasesonthelocal
server.
TheGet-MailboxStatisticscmdletrequiresatleastoneofthefollowing
parameterstocompletesuccessfully:
Server,Database,orIdentity.
YoucanusetheGet-MailboxStatisticscmdlettoreturndetailedmove
historyandamovereportforcompletedmove
requeststotroubleshootamoverequest.Toviewthemovehistory,youmust
passthiscmdletasanobject.Move
historiesareretainedinthemailboxdatabaseandarenumbered
incrementally,andthelastexecutedmoverequest
isalwaysnumbered0.Formoreinformation,see"Example7,""Example8,"
and"Example9"inthistopic.
Youcanonlyseemovereportsandmovehistoryforcompletedmoverequests.
Youneedtobeassignedpermissionsbeforeyoucanrunthiscmdlet.
Althoughallparametersforthiscmdletare
listedinthistopic,youmaynothaveaccesstosomeparametersifthey're
notincludedinthepermissions
assignedtoyou.Toseewhatpermissionsyouneed,seethe"Recipient
ProvisioningPermissions"sectioninthe
RecipientsPermissionstopic.
PARAMETERS
-Database<DatabaseIdParameter>
Thisparameterisavailableonlyinon-premisesExchange2016.
TheDatabaseparameterspecifiesthenameofthemailboxdatabase.When
youspecifyavaluefortheDatabase
parameter,theExchangeManagementShellreturnsstatisticsforallthe
mailboxesonthedatabasespecified.
Youcanusethefollowingvalues:
*GUID
*Database
ThisparameteracceptspipelineinputfromtheGet-MailboxDatabase
cmdlet.
-Identity<GeneralMailboxOrMailUserIdParameter>
TheIdentityparameterspecifiesamailbox.Whenyouspecifyavalue
fortheIdentityparameter,thecommand
looksupthemailboxspecifiedintheIdentityparameter,connectsto
theserverwherethemailboxresides,
andreturnsthestatisticsforthemailbox.
Thisparameteracceptsthefollowingvalues:
*Example:JPhillips
*Example:Atlanta.Corp.Contoso.Com/Users/JPhillips
*Example:JeffPhillips
*Example:CN=JPhillips,CN=Users,DC=Atlanta,DC=Corp,DC=contoso,DC=com
*Example:Atlanta\JPhillips
*Example:fb456636-fe7d-4d58-9d15-5af57d0354c2
*Example:fb456636-fe7d-4d58-9d15-5af57d0354c2@contoso.com
*Example:/o=Contoso/ou=AdministrativeGroup/cn=Recipients/cn=JPhillips
*Example:Jeff.Phillips@contoso.com
*Example:JPhillips@contoso.com
-Server<ServerIdParameter>
Thisparameterisavailableonlyinon-premisesExchange2016.
TheServerparameterspecifiestheserverfromwhichyouwanttoobtain
mailboxstatistics.Youcanuseoneof
thefollowingvalues:
*Fullyqualifieddomainname(FQDN)
*NetBIOSname
WhenyouspecifyavaluefortheServerparameter,thecommandreturns
statisticsforallthemailboxesonall
thedatabases,includingrecoverydatabases,onthespecifiedserver.
Ifyoudon'tspecifythisparameter,the
commandreturnslogonstatisticsforthelocalserver.
-Archive<SwitchParameter>
TheArchiveswitchparameterspecifieswhethertoreturnmailbox
statisticsforthearchivemailboxassociated
withthespecifiedmailbox.
Youdon'thavetospecifyavaluewiththisparameter.
-AuditLog<SwitchParameter>
ThisparameterisreservedforinternalMicrosoftuse.
-CopyOnServer<ServerIdParameter>
Thisparameterisavailableonlyinon-premisesExchange2016.
TheCopyOnServerparameterisusedtoretrievestatisticsfroma
specificdatabasecopyontheserver
specifiedwiththeServerparameter.
-DomainController<Fqdn>
Thisparameterisavailableonlyinon-premisesExchange2016.
TheDomainControllerparameterspecifiesthedomaincontrollerthat's
usedbythiscmdlettoreaddatafromor
writedatatoActiveDirectory.Youidentifythedomaincontrollerby
itsfullyqualifieddomainname(FQDN).
Forexample,dc01.contoso.com.
-Filter<String>
Thisparameterisavailableonlyinon-premisesExchange2016.
TheFilterparameterspecifiesafiltertofiltertheresultsofthe
Get-MailboxStatisticscmdlet.For
example,todisplayalldisconnectedmailboxesonaspecificmailbox
database,usethefollowingsyntaxfor
thisparameter:-Filter'DisconnectDate-ne$null'
-IncludeMoveHistory<SwitchParameter>
TheIncludeMoveHistoryswitchspecifieswhethertoreturnadditional
informationaboutthemailboxthat
includesthehistoryofacompletedmoverequest,suchasstatus,
flags,targetdatabase,baditems,start
times,endtimes,durationthatthemoverequestwasinvariousstages,
andfailurecodes.
-IncludeMoveReport<SwitchParameter>
TheIncludeMoveReportswitchspecifieswhethertoreturnaverbose
detailedmovereportforacompletedmove
request,suchasserverconnectionsandmovestages.
Becausetheoutputofthiscommandisverbose,youshouldsendthe
outputtoa.CSVfileforeasieranalysis.
-IncludePassive<SwitchParameter>
Thisparameterisavailableonlyinon-premisesExchange2016.
WithouttheIncludePassiveparameter,thecmdletretrievesstatistics
fromactivedatabasecopiesonly.Using
theIncludePassiveparameter,youcanhavethecmdletreturnstatistics
fromallactiveandpassivedatabase
copies.
-IncludeQuarantineDetails<SwitchParameter>
Thisparameterisavailableonlyinon-premisesExchange2016.
TheIncludeQuarantineDetailsswitchspecifieswhethertoreturn
additionalquarantinedetailsaboutthe
mailboxthataren'totherwiseincludedintheresults.Youcanuse
thesedetailstodeterminewhenandwhythe
mailboxwasquarantined.
Specifically,thisswitchreturnsthevaluesofthe
QuarantineDescription,QuarantineLastCrashand
QuarantineEndpropertiesonthemailbox.Toseethesevalues,youneed
useaformattingcmdlet.Forexample,
Get-MailboxStatistics<MailboxIdentity>-IncludeQuarantineDetails|
Format-ListQuarantine*.
-NoADLookup<SwitchParameter>
Thisparameterisavailableonlyinon-premisesExchange2016.
TheNoADLookupswitchspecifiesthatinformationisretrievedfromthe
mailboxdatabase,andnotfromActive
Directory.Thishelpsimprovecmdletperformancewhenqueryinga
mailboxdatabasethatcontainsalargenumber
ofmailboxes.
-StoreMailboxIdentity<StoreMailboxIdParameter>
Thisparameterisavailableonlyinon-premisesExchange2016.
TheStoreMailboxIdentityparameterspecifiesthemailboxidentitywhen
usedwiththeDatabaseparameterto
returnstatisticsforasinglemailboxonthespecifieddatabase.You
canuseoneofthefollowingvalues:
*MailboxGuid
*LegacyDN
Usethissyntaxtoretrieveinformationaboutdisconnectedmailboxes,
whichdon'thaveacorrespondingActive
DirectoryobjectorthathasacorrespondingActiveDirectoryobject
thatdoesn'tpointtothedisconnected
mailboxinthemailboxdatabase.
<CommonParameters>
Thiscmdletsupportsthecommonparameters:Verbose,Debug,
ErrorAction,ErrorVariable,WarningAction,WarningVariable,
OutBuffer,PipelineVariable,andOutVariable.Formoreinformation,see
about_CommonParameters(http://go.microsoft.com/fwlink/?LinkID=113216).
--------------------------Example1--------------------------
Thisexampleretrievesthemailboxstatisticsforthemailboxoftheuser
AylaKolbyusingitsassociatedalias
AylaKol.
Get-MailboxStatistics-IdentityAylaKol
Noticeintheprecedingoutputthatweleftoutmostoftheexamplesbecausewehad
alreadyshownthemtoyouearlier.Wedidthiswiththefullviewaswellbecauseit
containsevenmoreinformationthanthedetailedview.Thefullviewincludesthe
metadataforeachparameter,aswellasexamples:
Get-HelpGet-MailboxStatistics-Full
NAME
Get-MailboxStatistics
SYNOPSIS
Thiscmdletisavailableinon-premisesExchangeServer2016andinthe
cloud-basedservice.Someparametersand
settingsmaybeexclusivetooneenvironmentortheother.
UsetheGet-MailboxStatisticscmdlettoobtaininformationaboutamailbox,
suchasthesizeofthemailbox,the
numberofmessagesitcontains,andthelasttimeitwasaccessed.In
addition,youcangetthemovehistoryora
movereportofacompletedmoverequest.
ForinformationabouttheparametersetsintheSyntaxsectionbelow,see
Syntax.
SYNTAX
Get-MailboxStatistics-Identity<GeneralMailboxOrMailUserIdParameter>[-
Archive<SwitchParameter>][-CopyOnServer
<ServerIdParameter>][-DomainController<Fqdn>][-IncludeMoveHistory
<SwitchParameter>][-IncludeMoveReport
<SwitchParameter>][-IncludeQuarantineDetails<SwitchParameter>][-
NoADLookup<SwitchParameter>]
[<CommonParameters>]
Get-MailboxStatistics[-AuditLog<SwitchParameter>][-Identity
<GeneralMailboxOrMailUserIdParameter>]
[-DomainController<Fqdn>][-IncludeMoveHistory<SwitchParameter>][-
IncludeMoveReport<SwitchParameter>]
[-IncludeQuarantineDetails<SwitchParameter>][-NoADLookup
<SwitchParameter>][<CommonParameters>]
Get-MailboxStatistics-Database<DatabaseIdParameter>[-CopyOnServer
<ServerIdParameter>][-Filter<String>]
[-StoreMailboxIdentity<StoreMailboxIdParameter>][-DomainController
<Fqdn>][-IncludeMoveHistory
<SwitchParameter>][-IncludeMoveReport<SwitchParameter>][-
IncludeQuarantineDetails<SwitchParameter>]
[-NoADLookup<SwitchParameter>][<CommonParameters>]
Get-MailboxStatistics-Server<ServerIdParameter>[-Filter<String>][-
IncludePassive<SwitchParameter>]
[-DomainController<Fqdn>][-IncludeMoveHistory<SwitchParameter>][-
IncludeMoveReport<SwitchParameter>]
[-IncludeQuarantineDetails<SwitchParameter>][-NoADLookup
<SwitchParameter>][<CommonParameters>]
DESCRIPTION
OnMailboxserversonly,youcanusetheGet-MailboxStatisticscmdlet
withoutparameters.Inthiscase,thecmdlet
returnsthestatisticsforallmailboxesonalldatabasesonthelocal
server.
TheGet-MailboxStatisticscmdletrequiresatleastoneofthefollowing
parameterstocompletesuccessfully:
Server,Database,orIdentity.
YoucanusetheGet-MailboxStatisticscmdlettoreturndetailedmove
historyandamovereportforcompletedmove
requeststotroubleshootamoverequest.Toviewthemovehistory,youmust
passthiscmdletasanobject.Move
historiesareretainedinthemailboxdatabaseandarenumbered
incrementally,andthelastexecutedmoverequest
isalwaysnumbered0.Formoreinformation,see"Example7,""Example8,"
and"Example9"inthistopic.
Youcanonlyseemovereportsandmovehistoryforcompletedmoverequests.
Youneedtobeassignedpermissionsbeforeyoucanrunthiscmdlet.
Althoughallparametersforthiscmdletare
listedinthistopic,youmaynothaveaccesstosomeparametersifthey're
notincludedinthepermissions
assignedtoyou.Toseewhatpermissionsyouneed,seethe"Recipient
ProvisioningPermissions"sectioninthe
RecipientsPermissionstopic.
PARAMETERS
-Database<DatabaseIdParameter>
Thisparameterisavailableonlyinon-premisesExchange2016.
TheDatabaseparameterspecifiesthenameofthemailboxdatabase.When
youspecifyavaluefortheDatabase
parameter,theExchangeManagementShellreturnsstatisticsforallthe
mailboxesonthedatabasespecified.
Youcanusethefollowingvalues:
*GUID
*Database
ThisparameteracceptspipelineinputfromtheGet-MailboxDatabase
cmdlet.
Required?true
Position?Named
Defaultvalue
Acceptpipelineinput?True
Acceptwildcardcharacters?false
-Identity<GeneralMailboxOrMailUserIdParameter>
TheIdentityparameterspecifiesamailbox.Whenyouspecifyavalue
fortheIdentityparameter,thecommand
looksupthemailboxspecifiedintheIdentityparameter,connectsto
theserverwherethemailboxresides,
andreturnsthestatisticsforthemailbox.
Thisparameteracceptsthefollowingvalues:
*Example:JPhillips
*Example:Atlanta.Corp.Contoso.Com/Users/JPhillips
*Example:JeffPhillips
*Example:CN=JPhillips,CN=Users,DC=Atlanta,DC=Corp,DC=contoso,DC=com
*Example:Atlanta\JPhillips
*Example:fb456636-fe7d-4d58-9d15-5af57d0354c2
*Example:fb456636-fe7d-4d58-9d15-5af57d0354c2@contoso.com
*Example:/o=Contoso/ou=AdministrativeGroup/cn=Recipients/cn=JPhillips
*Example:Jeff.Phillips@contoso.com
*Example:JPhillips@contoso.com
Required?true
Position?1
Defaultvalue
Acceptpipelineinput?True
Acceptwildcardcharacters?false
-Server<ServerIdParameter>
Thisparameterisavailableonlyinon-premisesExchange2016.
TheServerparameterspecifiestheserverfromwhichyouwanttoobtain
mailboxstatistics.Youcanuseoneof
thefollowingvalues:
*Fullyqualifieddomainname(FQDN)
*NetBIOSname
WhenyouspecifyavaluefortheServerparameter,thecommandreturns
statisticsforallthemailboxesonall
thedatabases,includingrecoverydatabases,onthespecifiedserver.
Ifyoudon'tspecifythisparameter,the
commandreturnslogonstatisticsforthelocalserver.
Required?true
Position?Named
Defaultvalue
Acceptpipelineinput?True
Acceptwildcardcharacters?false
-Archive<SwitchParameter>
TheArchiveswitchparameterspecifieswhethertoreturnmailbox
statisticsforthearchivemailboxassociated
withthespecifiedmailbox.
Youdon'thavetospecifyavaluewiththisparameter.
Required?false
Position?Named
Defaultvalue
Acceptpipelineinput?False
Acceptwildcardcharacters?false
Yes,that'salotoftextforexamplesofonecmdlet,butwehopethattheseexamples
willmakeiteasierforyoutoquicklylearnthecapabilitiesofallcmdletsandhowyou
canusethem.
ThePowerShellhelpsystemalsogivesyousomeoptionswithrespecttogettinghelp
onparameters.Forexample,hereisanexampleifyouwanthelponjustthe-Database
parameteroftheGet-MailboxStatisticscmdlet:
Get-HelpGet-MailboxStatistics-ParameterDatabase
-Database<DatabaseIdParameter>
TheDatabaseparameterspecifiesthenameofthemailboxdatabase.
WhenyouspecifyavaluefortheDatabaseparameter,theExchange
ManagementShellreturnsstatisticsforallthemailboxesonthe
databasespecified.
Youcanusethefollowingvalues:
*GUID
*Server\Database
*Database
Thisparameteracceptspipelineinputfromthe
Get-MailboxDatabasecmdlet.
Required?true
Position?Named
Defaultvalue
Acceptpipelineinput?True
Acceptwildcardcharacters?false
The-Parameteroptionalsoacceptstheasterisk(*)wildcard.Hereisanexampleifyou
wanttoseehelponalltheparametersthatcontainSCLQuarantinefortheSet-Mailbox
cmdlet:
[PS]C:\>Get-HelpSet-Mailbox-Parameter*SCLQuarantine*
-SCLQuarantineEnabled<Nullable>
TheSCLQuarantineEnabledparameterspecifieswhethermessages
thatmeettheSCLthresholdspecifiedbytheSCLQuarantineThreshold
parameterarequarantined.Ifamessageisquarantined,it'ssent
tothequarantinemailboxwherethemessagingadministratorcan
reviewit.Youcanusethefollowingvalues:
*$true
*$false
*$null
Required?false
Position?Named
Defaultvalue
Acceptpipelineinput?False
Acceptwildcardcharacters?false
-SCLQuarantineThreshold<Nullable>
TheSCLQuarantineThresholdparameterspecifiestheSCL
atwhichamessageisquarantined,iftheSCLQuarantineEnabled
parameterissetto$true.Youmustspecifyanintegerfrom0through9
inclusive.
Required?false
Position?Named
Defaultvalue
Acceptpipelineinput?False
Acceptwildcardcharacters?false
GettingTips
YoumayhavenoticedausefultipeachtimeyoulaunchedtheExchangeManagement
Shell(EMS).Figure5.5showstheTipoftheDaytextthatyouseeeachtimeyou
launchtheEMS.Therearemorethan100ofthesetips.
Figure5.5ViewingtheTipoftheDay
Ifyouwanttoviewadditionaltips,justtypeGet-TipattheExchangeManagement
Shellprompt.
Youcanevenaddyourowntipsifyoudon'tmindeditinganXMLfile;thetipsfor
EnglisharefoundinC:\ProgramFiles\Microsoft\Exchange
Server\V15\Bin\ExTips.xml.
TheBottomLine
UsePowerShellcommandsyntax.ThePowerShellisaneasy-to-use
command-lineinterfacethatallowsyoutomanipulatemanyaspectsofthe
Windowsoperatingsystem,Registry,andfilesystem.TheExchangeManagement
ShellextensionsallowyoutomanageallaspectsofanExchangeServer
organizationandmanyActiveDirectoryobjects.
PowerShellcmdletsconsistofaverb(suchasGet,Set,New,orMount)thatindicates
whatisbeingdoneandanoun(suchasMailbox,Group,ExchangeServer)that
indicatesonwhichobjectthecmdletisacting.Cmdletoptionssuchas-Debug,-
Whatif,and-ValidateOnlyarecommontomostcmdletsandcanbeusedtotestor
debugproblemswithacmdlet.
MasterItYouneedtousetheExchangeManagementShellcmdletSet-Userto
changethecitytoIrvineforallmembersoftheITdistributionlist.Butyou
wanttofirstconfirmthatthecommandwilldowhatyouwanttodowithout
actuallymakingthechange.Whichcommandshouldyouuse?
Understandobject-orienteduseofPowerShell.Outputofacmdletisnot
simpletextbutratherobjects.Theseobjectshavepropertiesthatcanbeexamined
andmanipulated.
MasterItYouareusingtheSet-Usercmdlettosetpropertiesofauser'sActive
Directoryaccount.Youneedtodeterminethepropertiesthatareavailableto
usewiththeSet-Usercmdlet.Whatcanyoudotoviewtheavailableproperties?
GethelpwithusingPowerShell.Manyoptionsareavailablewhenyouare
tryingtofigureouthowtouseaPowerShellcmdlet,includingonlinehelpandthe
ExchangeServerdocumentation.PowerShellandtheEMSmakeiteasyto
“discover”thecmdletsthatyouneedtodoyourjob.
MasterItHowwouldyoulocateallthecmdletsavailabletomanipulatea
mailbox?YouaretryingtofigureouthowtousetheSet-Usercmdletandwould
liketoseeanexample.Howcanyouviewexamplesforthiscmdlet?
Chapter6
UnderstandingtheExchangeAutodiscoverProcess
BeinganExchangeServeradministratorisrewardingand,attimes,frustrating.Oneof
themostcommonsourcesoffrustrationwe'veencounteredismanagingthe
interactionsbetweenourExchangeserversandtheOutlookdesktopclient.Inlarge
organizations,twoseparategroupsmaintainthesepiecesofthecommonpuzzle.In
smallerorganizations,though,thesamepeoplecanhandleboththeserverandthe
clients.It'sinorganizationslikethesethatyoulearnthetruthofthematterthat
ExchangeServerandOutlookweredevelopedbytwoseparateproductgroups
(althoughthegroupsarenowjoined).
Historically,manyOutlookclientissuesweretheresultofmismatchesbetweenthe
Outlookprofilesettingsandtheactualserverconfigurations.InExchangeServer
2007,MicrosoftintroducedtheAutodiscoverservice,acomponentoftheClient
A
ccessrole,whichwasintendedtoallowbothclients(suchasOutlook,Windows
Mobile,andEntourage)andotherExchangeserverstoautomaticallydiscoverhow
y
ourExchangeServerorganizationisconfiguredanddeterminetheappropriate
settingswithoutdirectadministratorinvolvement.
ManyExchangeServer2007organizationsranintotwomainproblemsgetting
A
utodiscoverproperlyconfiguredanddeployed:understandingtheconceptsand
gettingthecertificatesproperlydeployed.BydeployingExchangeServer2010,
administratorsincreasedtheirknowledgeoftheAutodiscoverprocesses.Inthislatest
releaseofExchangeServer,theupdateisamuchsimpler,muchmoreevolved,anda
moreadministrator-friendlyfeature.
INTHISCHAPTER,YOUWILLLEARNTO:
WorkwithAutodiscover
TroubleshootAutodiscover
ManageExchangeServercertificates
AutodiscoverConcepts
Let'sshareanunpleasanttruththatalotofadministratorshavenotyetlearned:the
AutodiscoverserviceisnotanoptionalcomponentofanExchangeServer
organization.Itmayseemasifit'soptional,especiallyifyouhaven'tyetdeployeda
versionofOutlook,WindowsPhone,orOfficeforMacthattakesadvantageofit.More
thanthat,youcan'tgetridofit—Autodiscoverisonfromthemomentyouinstallthe
firstserverintheorganization.Youcan'tshutitoff,youcan'tdisableit,andyoucan't
keepclientsandExchangeserversfromtryingtocontactit(althoughyoucancause
problemsbynotproperlyconfiguringAutodiscover,breakingfeatures,andforcing
fallbacktoolder,moreerror-pronemethodsofconfiguration).
WeknowseveralExchangeServer2007organizationsthatlimpedalongseemingly
justfinewithAutodiscoverimproperlyconfiguredorjustplainignored.However,
whenAutodiscoverhasbeenneglected,thisinevitablysignalsanExchangeServer
organizationwithotherproblems—andthisiseventruerinExchangeServer2016
thaninpreviousversions.Autodiscoverismorethanjustawaytoeasethe
administrationofOutlookclientprofiles.OtherExchangeServercomponents,servers,
andservicesalsouseAutodiscovertofindtheserversandsettingswithwhichthey
needtocommunicate.InorderfortheOutlookclienttoleveragemanyofthe
advancedfeaturesofExchangeServer,includingthehigh-availabilityfeatures,the
clientdependsonafunctionalAutodiscoverservice.Ifyouwanttousetheexternal
calendarsharingorSkypeforBusinessintegration,you'dbettergetAutodiscover
squaredaway.
InordertoproperlyplananddeployAutodiscover,youhavetoworkthroughsomeof
themostpotentiallyconfusingaspectsofanExchangeServerdeployment.Thegood
news,though,isthatonceyouhavetheseissuessolved,youwillhaveheadedoff
someconfusingandannoyingerrorsthatmightotherwisecauseproblemsdownthe
road.Theseissuesincludenamespaceplanningandcertificatemanagement.Trustme
thatgettingtheseissuessortedwillmakeyourclientaccessdeploymentandyour
overallmanagementtasksaloteasier.
WhatAutodiscoverProvides
Autodiscoverisnecessaryforfarmorereasonsthanthatitmakesconfiguringyour
Outlookclientseasier.InExchangeServer2007,theclientsdidbenefitagreatdeal,
whichispartofthereasonmanypeopledidnotseethepointoflearningaboutthe
service.Eitherthat,oritworkedsubtlybehindthescenes,andsomeadministrators
livedinignorantbliss,oncesomeconfigurationwasdone.BeginningwithExchange
Server2013,boththeclientandtheserverbenefitsgetbetter.
TheinformationprovidedbyAutodiscoverincludesthefollowing:
Outlookclientconnectionconfiguration
ConfigurationURLsfortheOfflineAddressBook(OAB)
ConfigurationURLsforfreeandbusyinformation
Outlookprofileconfigurationinformation
ClientBenefits
ExactlywhatbenefitsyougetfromAutodiscoverdependsonwhichclientyou're
using:
Outlook2010,Outlook2013,andOutlook2016fullysupportAutodiscover.
Outlook2007supportsAutodiscoverbutisn'tasupportedclientforExchange
Server2016.Outlookversionspriorto2007donotuseAutodiscover,buttheyare
notsupportedasclientsofExchangeServer2016either.Whenwesay“not
supported,”wemeanthatMicrosoftwon'tprovidesupport.Insomecases,youmay
havebasicfunctionality,butsomeotherfunctionalitymaynotwork.Notethat
extendedsupportforOffice2007endsinOctoberof2017.
iPhones,iPads,Android,WindowsMobile6.1,WindowsPhone7.x/8.x,and
WindowsPhone10andlatersupportAutodiscover,andmanymobileuserstoday
relyonAutodiscoverforeasyconfigurationofanewdevice.
TheWindowsMailappthatisbuiltintotheWindows8Proandlateralsouses
Autodiscovertoconfigureclientsettings(incidentally,thoseclientsarethen
configuredasExchangeServerActiveSyncclients).
Ifyou'reaMacuser,youmaypreferusingOutlookforMac2016.Thisversionof
OutlookworksinasimilarwaytothePCversion,exceptitdoesnotsupport
serviceconnectionpoint(SCP)lookup.SCPlookupisamethodusedforlocating
services,ormorespecificallytheserversthatruntheservices,andisexplained
lateroninthischapter.
EventhoughyougetallthesegreatbenefitsfromAutodiscover,likelytheonlytime
youwillseeAutodiscoverworkingiswhenconfiguringaclient,suchasOutlook,for
thefirsttime.Whenrunningthroughaninitialconfigurationwizard,auseris
promptedtoconfigureOutlooktoconnecttoanemailserver.Theonlyinformation
theyneedtoknowistheemailaddressandpassword.Then,theircomputerwilllook
upthecorrectdetailsusingAutodiscoverandconfiguretheOutlookprofile
automaticallyasshowninFigure6.1.
Figure6.1CompletingtheinitialOutlookconfigurationusingAutodiscover
AlthoughthesearethemainAutodiscover-awareclients,they'renottheonlyones.For
example,theMicrosoftSkypeforBusinessclientanddevicesuseAutodiscoverand
ExchangeWebServices.ThebehaviorofAutodiscoverhasbeenclearlydocumentedby
Microsoft,sootherthird-partyclientsandmobiledevicesalsoutilizeit.Featuresthat
OutlookandWindowsPhonewillleverageincludethefollowing:
SupportforDNSARecordsBydefault,externalclientsattempttofindthe
AutodiscoverservicethroughDNSlookupsbasedontheemailaddressoftheuser.
SupportforDNSSRVRecordsDuetopopulardemand,startinginExchange
Server2010,theExchangeServerandOutlookteamsprovidedsupportfortheuse
ofServiceLocator(SRV)recordsfororganizationsthatcouldn'tuseAddress(A)
recordsanddidn'twanttouseCNAMEs.SRVrecordsarealsousefulwhen
Exchangeishostedinaseparateforest.
SupportforActiveDirectoryServiceConnectionPointObjectsDomain-
joinedclientsthatcancontactActiveDirectory—effectivelyanyWindowsclient
runningOutlook2010orlater—canutilizeanActiveDirectoryfeaturecalled
serviceconnectionpoints.SCPsprovideanumberofbenefitsthataren'tavailable
withplainDNSlookups.SCPsallowclientstolocateresourcesviaSCPobjects
withintheActiveDirectory.TheSCPobjectcontainsthelistofAutodiscoverURLs
fortheActiveDirectoryforest.YoucanusetheSet-ClientAccessServicecmdletto
modifytheSCPobject.(Andofcourse,youcanuseGet-ClientAccessServicetoview
theobject.)
InternalOrganizationSettingsServicesonExchangeServer2016servershave
bothinternalURLsforclientswithinthefirewall(suchasOutlookandSkypefor
Businessondomain-joinedWindowsdevices)andexternalURLsforprettymuch
everythingelse.InternalsettingsusetheappropriateExchangeServerFQDNsby
default,unlessyoumodifythem(suchaswhenusingloadbalancers).
ExternalOrganizationSettingsExternalsettingsallowservicestobereached
throughInternet-availableFQDNs.Forsomereason,manyorganizationsdon'tlike
publishingtheinternalFQDNsoftheirExchangeservers.Usingexternalsettings
mayalsoensurethatconnectionsareloadbalancedorsentthroughfirewalls.
LocationoftheUser'sMailboxServerInearlierversionsofExchangeServer,
theuser'sMailboxserverwasstoredinActiveDirectory,stampedontheuser
object.However,withthearchitecturalchangestoExchangeServer2013,Outlook
canconnecttooneofseveralMailboxservers,whichprovidetheclientaccess
servicesinasite.Theconnectionisstateless;inotherwords,thereisnosession
affinity,sofromonehourtothenextadifferentMailboxservermaybehandling
theconnection.ThismakesAutodiscoverallthemoreimportant.Nowusinga
user'smailboxGUIDplusthedomainnamefromtheSMTPaddressoftheuser,
OutlookfindsaconnectionpointtoaMailboxserver.Previously,Outlookhada
directaffinitytotheMailboxserveroraClientAccessserverwiththeClientAccess
arrayfeatureintroducedinExchangeServer2010.ClientAccessarrays,thevirtual
RPCendpointavailableinExchangeServer2010,nolongerexistsinExchange
Server2013orExchangeServer2016;butthenagainit'snolongernecessary
either.
LocationoftheAvailabilityServiceCalendaritemsarestoredineachuser's
mailbox.However,theirfree/busyinformationhashistoricallybeenplacedina
systempublicfolder,whichcouldsufferfromlatencyduetoreplicationlag.The
ExchangeAvailabilityServiceallowscurrentinformationtobequicklylookedup
byclients(bothintheorganizationandinfederatedorganizations)astheyneedit,
ratherthanhavingthemdependentonstaledatainpublicfoldersaswasthecase
inpreviousversions.
LocationoftheOfflineAddressBookServiceOABsinExchangeServer2016
aregeneratedbyanarbitrationmailbox,knownasanOrganizationmailbox.This
createsthefilesthataClientAccessservicewilldelivertoOutlookclientsvia
HTTPS.InExchangeServer2010andprevious,clientscouldretrievethisfroma
publicfolder.LocatingtheOABURLisessential,becauseOutlookrunsincached
modebydefaultandreliesontheOABforaddressbooklookups.Autodiscover
directsOutlooktotheOABURLthatcanfetchthechangesaclientrequires.Ifthis
oranyotherExchangeWebServicesURLmightchangeontheExchangeserver,
theclientperiodicallycheckstheAutodiscoverservicetoreceivethoseupdatesand
changes.AutodiscoveriscontactednotonlyduringthestartupprocessofOutlook
butothertimesaswell.
OutlookAnywhereSettingsWithExchangeServer2016,allOutlook
connectionsuseRPCoverHTTPS,akaOutlookAnywhere,orMAPIoverHTTP.
OutlookAnywhereisnowtheconnectionmethodforinternal,aswellasexternal
connections,andthislatestversionofExchangeServernolongeracceptsMAPI
overRPCconnectionsfromOutlookclients.Now,havingtheexternalURL
informationisarequirementforclientsoutsideyourcorporatefirewall,butmore
settings,suchasthecertificatevalidationname,arenecessaryforasuccessful
OutlookAnywheresessiontobeestablished.
Laterinthischapter,we'llwalkthroughatypicalOutlook2016Autodiscoversession
andshowhowallthisinformationisused.Fornow,justbeawarethatthevalueof
manyoftheseoptionscanbeuserdependent(suchasthemailboxlocation)orsite
dependent.Asaresult,theAutodiscoverserviceisavitalpartofspreadingload
throughouttheentireorganization,minimizingtrafficoverWANlinksbetweensites
andbranches,andensuringthatyourusersareconnectingtothebestserverstheycan
reachatthetime.
ServerBenefits
Autodiscoverisn'tjustusefulforclientsconnectingtotheExchangeServer
infrastructure;it'salsousefulforotherservers,bothwithintheorganizationand
without:
ServerswithinthesameorganizationandActiveDirectoryforestuseAutodiscover
tolocatevariousservicesonauser'sbehalf.Forexample,whenauserperformsa
logontoOutlookontheweb,theMailboxserverhandlingtheOutlookontheweb
sessionneedsseveralofthepiecesofinformationprovidedbyAutodiscover.Using
AutodiscoverreducestheloadonActiveDirectorydomaincontrollersandglobal
catalogserversandremovesrelianceoncachedinformation.Thisistruewhether
you'reinamixedExchangeServer2016/2013organizationoraredeploying
ExchangeServer2016forthefirsttime.
ServerswithinthesameorganizationbutinadifferentActiveDirectoryforest
dependoncross-forestserviceconnectionpointsandinternalAutodiscoverto
crosstheforestboundariesanddiscovertheappropriateserverstouse.Inthis
situation,oneExchangeserverinthesourceforestwilloftenactasaproxyforthe
appropriateservicesinthetargetforest,oritmaysimplyredirecttheclient.In
multiple-forestdeployments,theuseofAutodiscoverisprettymuchmandatoryto
ensurethatExchangeserversinseparateforestscaninteroperateproperly.
Serverswithinseparatefederatedorganizationsrequiretheuseoftheexternal
Autodiscoverinformationtoreachfederatedavailabilityservices.This,plusthe
relevantauthenticationinformation,allowsuserstosecurelysharecalendarand
free/busyinformationwiththeircounterpartsinfederatedExchangeServer
organizations.WithotherExchangeServerorganizations,federationgreatly
simplifiestheconfigurationandmanagementofthesetypesofoperations.
So,let'stakealookatthenitty-grittyofhowAutodiscoverworks.
HowAutodiscoverWorks
Don'tbefooledbytheseemingcomplexityyou'reabouttosee.Autodiscoverispretty
simpletounderstand.Thebiggestcomplicationscomefromcertificatesand
namespaceplanning,whichwe'llgettoinabitandwhichhavegottensignificantly
simpler,withfewernamespacesrequired.
TheServiceConnectionPointObject
ThefirstpieceoftheAutodiscoverpuzzlelieswiththeserviceconnectionpoint(SCP)
object.AseachMailboxserverinstanceisinstalledintoyourorganization,itcreates
anSCPobjectintheConfiguration-namingpartitionoftheActiveDirectorydomainto
whichitisjoined,atthefollowinglocation:
CN=<MailboxServerNetBIOSName>,CN=Autodiscover,CN=Protocols,CN=<CASServer
NetBIOSName>,CN=Servers,CN=ExchangeAdministrativeGroup
(FYDIBOHF23SPDLT),CN=AdministrativeGroups,CN=<OrganizationName>,
CN=MicrosoftExchange,CN=Services,CN=Configuration,DC=<domainname>,DC=<domain
suffix>
Here'swhatatypicalSCPobjectlookslikewhendumpedfromtheLDP(LDP.EXE)tool:
ExpaNYC-ndingbase
'CN=EX1,CN=Autodiscover,CN=Protocols,CN=NYC-EX1,CN=Servers,CN=Exchange
AdministrativeGroup(FYDIBOHF23SPDLT),CN=AdministrativeGroups,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com'…
Getting1entries:
Dn:CN=NYC-EX1,CN=Autodiscover,CN=Protocols,CN=NYC-EX1,CN=Servers,CN=Exchange
AdministrativeGroup(FYDIBOHF23SPDLT),CN=AdministrativeGroups,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com
cn:EX1;
distinguishedName:
CN=NYC-EX1,CN=Autodiscover,CN=Protocols,CN=EX1,CN=Servers,CN=Exchange
AdministrativeGroup(FYDIBOHF23SPDLT),CN=AdministrativeGroups,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com;
dSCorePropagationData:0x0=();
instanceType:0x4=(WRITE);
keywords(2):Site=Default-First-Site-Name;77378F46-2C66-4aa9-A6A6-
3E7A48B19596;
name:NYC-EX1;
objectCategory:CN=Service-Connection-
Point,CN=Schema,CN=Configuration,DC=contoso,DC=com;
objectClass(4):top;leaf;connectionPoint;serviceConnectionPoint;
objectGUID:44f44e8c-164a-446a-9eb8-f21a59b11b65;
serviceBindingInformation:
https://nyc-ex1.contoso.com/Autodiscover/Autodiscover.xml;
serviceClassName:ms-Exchange-AutoDiscover-Service;
serviceDNSName:NYC-EX1;
showInAdvancedViewOnly:TRUE;
systemFlags:0x40000000=(CONFIG_ALLOW_RENAME);
uSNChanged:184521;
uSNCreated:184521;
whenChanged:8/1/20166:05:05PMPacificDaylightTime;
whenCreated:8/1/20166:05:05PMPacificDaylightTime;
Thereareafewkeypropertiesoftheseentriesyoushouldnote:
TheobjectClasspropertyincludestheserviceConnectionPointtype.Thisidentifies
theentryasanSCP,allowingittobesearchedeasilyusingLDAP.
TheserviceClassNamepropertyidentifiesthisparticularSCPasanms-Exchange-
AutoDiscover-Serviceentry.ThecomputerssearchingforAutodiscoverrecordscan
therebydeterminethatthisisanentrypertainingtoAutodiscoverandthatthey
shouldpayattentiontoit.Theclientsearchestheconfiguration-namingcontext
foranyobjectsthathaveaserviceClassName=ms-Exchange-Autodiscover-Service.
UsingthecombinationofobjectClassandserviceClassNameallowscomputersto
efficientlyfindallrelevantSCPentries(throughanindexedsearchfromadomain
controller)withoutknowinganycomputernamesaheadoftime.
TheserviceBindingInformationpointstotheactualAutodiscoverXMLfilethatthe
clientshouldaccessinordertoretrievethecurrentAutodiscoverinformation.
Moreonthislater.
Thekeywordspropertyholdsadditionalinformationthattheclientsuse.
Specifically,takenoteoftheSite=value.Thisvaluehelpsyoucontrolsiteaffinity,
ensuringthatclientsusenearbyserversthataren'tinfar-offsitestoprovidetheir
ExchangeServerservices(unlessthatisdesirable).
TherestofthepropertiesonanSCPobjectarefairlystandardforActiveDirectory
objects,sowewon'tdiscussthemfurther.
Nowthatyouknowwhataserviceconnectionpointisandwherethey'relocated,
you'remostlyset.ThedistinguishednameofeachSCPobjectuniquelyidentifiesthe
hostassociatedwithoutthatobject.IftheclientsearchreturnsmultipleSCPobjects
thattheclientwilluse,itwillselectamongthemaccordingtoalphabeticalorder.This
canbeusefultoknow.
NotealsothatanExchangeserverinstancepublishesitscorrespondingSCPobjectto
ActiveDirectoryonlywhenitisinstalled(whichisdoneautomaticallyforyou).Ifyou
changesomethingabouttheExchangeserver—suchaswhichsiteit'slocatedin—it
willnotupdateitsSCPobject.Youhavetodothatmanually.Thebestwayistouse
ExchangeManagementShell.Hereisasamplecommandthatconfiguresaserver
namedNYC-EX1tohaveaninternalURLfortheXMLfilelocationandalsosetsitto
beauthoritativefortwosites:
Set-ClientAccessService-IdentityNYC-EX1-AutodiscoverServiceInternalURI
"https://mail.contoso.com/autodiscover/autodiscover.xml"
-AutoDiscoverSiteScope"Site1","Site2"
TheDNSOption
TheSCPisusedwhentheclientorserverisjoinedtoanActiveDirectorydomainand
canperformthesearchagainstthedomaincontrollers.Whenthediscovering
computerisexternalornotdomainjoined,anothermechanismisused:DNSlookups.
ThefollowinglistdescribestheDNSlookupsthatareperformedfortheAutodiscover
serviceinagivendomain.Forthisexample,let'susetheuserUserA@contoso.com.
Theclient(orserver)takesthedomainportion(contoso.com)ofthisaddressand
performsthefollowinglookupsinorderuntilitfindsamatch:
1. ADNSArecord(orCNAMErecord)forcontoso.comthatpointstoawebserver
thatrespondstotheHTTPSURL
https://contoso.com/Autodiscover/Autodiscover.xml.
2. ADNSArecord(orCNAMErecord)forautodiscover.contoso.comthatpointstoa
webserverthatrespondstotheHTTPSURL
https://autodiscover.contoso.com/Autodiscover/Autodiscover.xml.
3. ADNSArecord(orCNAMErecord)forcontoso.comthatpointstoawebserver
thatrespondstotheHTTPURL
http://autodiscover.contoso.com/Autodiscover/Autodiscover.xml.(Notethatthis
URLshouldbeconfiguredtoredirecttotheactualHTTPSlocationofthe
Autodiscoverservice.)
4. ADNSSRVrecordforautodiscover._tcp.contoso.com.(Thisrecordshouldcontain
theportnumber443andahostname,suchasmail.contoso.com,allowingthe
clienttotrytheHTTPSURL
https://mail.contoso.com/Autodiscover/Autodiscover.xml.)
IftherequestedhostnameisreturnedthrougheitheraCNAMErecordoranSRV
record,beawarethatyourclients(Outlookinparticular)maydisplayawarningdialog
withthefollowingtext:
AllowthiswebsitetoconfigureUserA@contoso.comserversettings?
https://mail.contoso.com/autodiscover/autodiscover.xml
Youraccountwasredirectedtothiswebsiteforsettings.
Youshouldonlyallowsettingsfromsourcesyouknowandtrust.
ThiswarningwillappeareverytimetheclientperformsAutodiscoverunlessyou
checktheDon'tAskMeAboutThisWebsiteAgaincheckbox.Youcanalso
prepopulatetheRegistrykeytopreventthiswarning.SeetheKnowledgeBasearticle
athttp://support.microsoft.com/kb/2480582.
NotethatAutodiscoverexpectstheuseofHTTPS.Don'tpublishitovernonsecure
HTTPandexpectclientstobehappyaboutit.Youhavealotofsensitiveinformation
goingthroughAutodiscover,includingusercredentials.Asaresult,certificate
considerationswillplayalargepartinyourAutodiscoverconfiguration.
WhichOptionShouldIChoose?
YoucanuseseveraldifferentmethodstopublishAutodiscoverservicesthrough
DNS.Intheend,theoptionyouchooseisuptoyouandyourbusinessneeds.
However,youshouldconsiderthesepointstoseehowtheyalignwithyour
businessobjectives.Again,let'sconsiderthecaseofcontoso.com.
PublishingAutodiscoverunderhttps://contoso.comdoesn'trequireyouto
haveanextraDNSnameforinternalclients.IfyouhaveHTTPSpublishedon
thishostnamealready,youdon'tneedtouseanextracertificateorhostname
aslongasyoucanensurethattheAutodiscovervirtualdirectorycanbe
publishedundertheexistingwebsite.Mostorganizationswillprobablyalready
havethisnamespacepublishedintheirDNS,butitcouldresultinname-
resolutioncollisionsiftheURLthatitpointstodoesnothavethe
Autodiscoverinformation.
PublishingAutodiscoverunderhttps://autodiscover.contoso.comrequiresyou
tohaveanextraDNSname,butit'sahostnamethatisn'tlikelytobeusedby
anyotherservers.However,you'llneedtohaveaSubjectAlternativeName
(SAN)certificateorawildcardcertificate(notrecommended—seethesection
“PlanningCertificateNames”)orusemultiplecertificatesandasecondvirtual
website.Publishingasecondwebsiteisquiteabitmorecomplicatedthan
simplyusingthedefaults,sokeepthatinmind.
PublishingAutodiscoverundertheHTTPredirectnotonlyrequiresyouto
haveanextraDNSnamebutalsoinvokesthesecuritywarningforeachuser.
You'llneedtoconfiguretheappropriateredirect,andyou'llneedtohaveaSAN
certificateorawildcardcertificateorusemultiplecertificatesandasecond
virtualwebsite.Thisoptionmaymakesensefororganizationsthatarehosting
multipleserversorSMTPnamespaceswithinasingleExchangeServer
organization.
PublishingAutodiscoverunderanSRVredirectrequiresyoutohaveexternal
DNSserversthathandletheSRVtype.MostmodernDNSserverscanhandle
this,butsomeDNShostingservicesdonot.Additionally,thisredirectinvokes
thesecuritywarningforeachuser.Finally,you'llneedtohaveaSAN
certificateorawildcardcertificateorusemultiplecertificatesandasecond
virtualwebsite.
Inmyexperience,thesecondoption(https://autodiscover.contoso.com)isthe
bestcombinationofsimplicityandcontrol.It'stheonethatmostorganizations
we'veworkedwithhaveused.WhenExchangeServer2007wasfirstintroduced,
certificateauthoritiesthatcouldprovideSANcertificateswererareandthe
certificatesthemselveswereexpensive,makingthealternativemorepalatable.
Now,however,thatisnolongerthecase.IfyouhesitatetodeploySAN
certificates,thereisalotofgoodguidanceouttheretohelpyou—includingthe
section“DeployingExchangeCertificates,”laterinthischapter—andExchange
Servergivesyoubettertoolstomanagethem.
TwoStep-by-StepExamples
Enoughtheory.Let'sdiveintoourexamplewithacompanythathasthecontoso.com
domainandshowyouawalk-throughofacommonscenario:adomain-joined
Outlook2016clientperformingAutodiscoverbehindtheorganizationfirewall.To
illustratethisscenario,we'lluseatooleveryExchangeServeradministratorshould
knowwell:theOutlookTestE-MailAutoConfigurationtool,showninFigure6.2.
Whenusingthistool,besuretounchecktheUseGuessmartandSecureGuessmart
AuthenticationoptionsinordertogetonlytheresultsofanAutodiscoverquery.The
greatthingaboutthistoolisthatitexposesalltheURLsthatarereturnedtothe
Outlookclient.ThisallowstheadministratortoquicklyidentifymisconfiguredURLs
andruleoutseveralpotentialproblemswhentroubleshootingconnectivity.
Figure6.2UsingtheTestE-mailAutoConfigurationtool
YoucanaccessthistoolfromOutlookbyholdingdowntheCtrlkeywhileright-
clicking(orleft-clicking)theOutlookiconinthenotificationareaonthetaskbar.This
opensthemenushowninFigure6.3.Fromthismenu,selecttheTestE-mail
AutoConfigurationoption.
Figure6.3AccessingtheTestE-mailAutoConfigurationtool
Whenadomain-joinedmachineperformsAutodiscover,itstepsthroughthefollowing
process:
1. ItperformsanLDAPsearchforallSCPobjectsintheforest.Outlookenumerates
thereturnedresultsbasedontheclient'sActiveDirectorysitebysortingthe
returnedSCPrecordsusingthekeywordsattribute;iftherearenoSCPrecordsthat
containamatchingsitevalue,allnonmatchingSCPrecordsarereturned.Ifthere
aremultiplematchingSCPobjects,OutlooksimplychoosestheoldestSCPrecord
sincethelistisnotsortedinanyparticularorder.
2. OutlookattemptstoconnecttotheconfiguredURLspecifiedintheSCPrecord's
ServiceBindingInformationattribute:https://
mail.contoso.com/Autodiscover/Autodiscover.xml.
3. WhenOutlookattemptstoconnecttotheURL,theXMLfileisgeneratedfromthe
clientrequest,andthentheclientsuccessfullyreceivestheXMLfileshownin
Listing6.1.(ThisoutputcanbeseenontheXMLtabintheTest-Email
AutoConfigurationscreen.)
Listing6.1AnAutodiscoverXMLResponse
<?xmlversion="1.0"encoding="utf-8"?>
<Autodiscoverxmlns="http://schemas.microsoft.com/exchange/autodiscover/
responseschema/2006">
<Response
xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/
responseschema/2006a">
<User>
<DisplayName>UserOne</DisplayName>
<LegacyDN>/o=Contoso/ou=ExchangeAdministrativeGroup
(FYDIBOHF23SPDLT)/
cn=Recipients/cn=3c180eec39b04806a3516ed579c88e7a-UserOne</LegacyDN>
<AutoDiscoverSMTPAddress>User1@contoso.com</AutoDiscoverSMTPAddress>
<DeploymentId>af1a8434-68f6-4a93-84c9-bd6129e1a10b</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<MicrosoftOnline>False</MicrosoftOnline>
<ConsumerMailbox>False</ConsumerMailbox>
<ProtocolType="mapiHttp"Version="1">
<MailStore>
<InternalUrl>https://nyc-ex1.contoso.com/mapi/emsmdb/
?MailboxId=b3f98068-b1a1-4ed9-a698-a53730b8845c@contoso.com</InternalUrl>
</MailStore>
<AddressBook>
<InternalUrl>https://nyc-ex1.contoso.com/mapi/nspi/
?MailboxId=b3f98068-b1a1-4ed9-a698-a53730b8845c@contoso.com</InternalUrl>
</AddressBook>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrlAuthenticationMethod="Basic,Fba">https://nyc-
ex1.contoso.com/
owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://nyc-ex1.contoso.com/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>nyc-ex1.contoso.com</Server>
<SSL>Off</SSL>
<AuthPackage>Ntlm</AuthPackage>
<ASUrl>https://nyc-ex1.contoso.com/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://nyc-ex1.contoso.com/EWS/Exchange.asmx</EwsUrl>
<EmwsUrl>https://nyc-ex1.contoso.com/EWS/Exchange.asmx</EmwsUrl>
<EcpUrl>https://nyc-ex1.contoso.com/owa/</EcpUrl>
<EcpUrl-um>?path=/options/callanswering</EcpUrl-um>
<EcpUrl-aggr>?path=/options/connectedaccounts</EcpUrl-aggr>
<EcpUrl-mt>options/ecp/PersonalSettings/DeliveryReport.aspx?rfr=olk&
exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<
Mbx>&realm=contoso.com</EcpUrl-mt>
<EcpUrl-ret>?path=/options/retentionpolicies</EcpUrl-ret>
<EcpUrl-sms>?path=/options/textmessaging</EcpUrl-sms>
<EcpUrl-photo>?path=/options/myaccount/action/photo</EcpUrl-photo>
<EcpUrl-tm>options/ecp/?rfr=olk&ftr=TeamMailbox&exsvurl=1&
realm=contoso.com</EcpUrl-tm>
<EcpUrl-tmCreating>options/ecp/?rfr=olk&ftr=TeamMailboxCreating&
SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>
&exsvurl=1&realm=contoso.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>options/ecp/?rfr=olk&ftr=TeamMailboxEditing&Id=
<Id>
&exsvurl=1&realm=contoso.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>?path=/options/manageapps</EcpUrl-extinstall>
<OOFUrl>https://nyc-ex1.contoso.com/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://nyc-ex1.contoso.com/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://nyc-ex1.contoso.com/OAB/
8e45a957-b581-4044-9014-628b1cb31aef/</OABUrl>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
<CertPrincipalName>None</CertPrincipalName>
</Protocol>
</Account>
</Response>
</Autodiscover>
TherearesixkeysectionstonoteinListing6.1:
TheUserandAccountsectionslisttheuserinformationfortheauthenticateduser.
TheEXCHprotocolsection(identifiedbytheEXCHtag)isforconnectionsinsidethe
firewall.Remember,allOutlookconnectionsarenowoverHTTPS.TheURLs
providedinthissectionarebasedontheInternalURLvalues.
TheEXPRprotocolsection(identifiedbytheEXPRtag)isOutlookAnywhere—RPC
overHTTPS.TheURLsprovidedinthissectionarebasedontheExternalURL
values.
TheWEBprotocolsection(identifiedbytheWEBtag)isusedforOutlookontheweb
andothertypesofclients.TheURLsprovidedinthissectionareforclientsandare
basedonthebestURLfortheuserstouse.
Youwillnoticewhatlookslikeanewprovider,ExHTTP,inthelistofreturned
providerstotheOutlookclient.However,ExHTTPisn'taprovider;itjustlookslike
oneintheAutodiscoverlog.ItisacalculatedsetofvaluesfromtheEXCHand
EXPRsettingsthatareprocessedonlybyOutlook2013andlaterclients.
Iftheclienthadbeenoutsidethefirewall,itwouldhavefollowedasimilarprocess,
butinsteaditstepsthroughthehostnamesandURLsasdescribedintheprevious
sectiononDNSnames.Anexternalclient(forthedomaincontoso.com)using
Autodiscovergoesthroughthesesteps:
1. TheclienttriestoconnecttotheActiveDirectorySCPbutisunabletodoso.
2. TheclientperformsaDNSqueryforcontoso.comandthen
autodiscover.contoso.comandtriestoconnecttotheAutodiscoverURL.
3. Theclientauthenticatesandretrievesautodiscover.xmlfromtheAutodiscover
HTTPShost.
4. TheclientparsesthroughtheWEBsectionsoftheautodiscover.xmlfileinorderto
determinethecorrectURLtowhichitshouldconnect.
5. TheclientinitiatesaconnectiontotheappropriateexternalURL.
Tohelpstepthroughandtroubleshootexternalconnectivity,youshouldbeawareof
theMicrosoftRemoteConnectivityAnalyzertool,availableonlinefrom
https://testconnectivity.microsoft.com/.Thisweb-basedtoolfromMicrosoftprovides
asecure,reliablesuiteofteststohelpdiagnoseproblemswithnotonlyAutodiscover
butalloftheweb-basedExchangeServerremoteclientaccessprotocolsandalso
server-to-servertestslikeSMTPconnectivityandconnectivityfromotherclientssuch
asSkypeforBusiness.
Wecan'tsayenoughaboutthisgreattroubleshootingweapon,initiallydevelopedasa
petprojectbyacoupleofMicrosoftengineers.EspeciallyintheearlydaysofExchange
Server2010,thistoolsavedusinmanysituations.Today,weuseitmoreasa
validationtoolthanatroubleshootingtool,butregardlessofyourlevelofexpertise
withAutodiscover,you'llfindhappinesssomewhereintheRemoteConnectivity
Analyzer.
SiteAffinity(akaSiteScope)
You'vegottenthroughthebasicsofAutodiscover,soyou'rereadyforsomeadvanced
concepts,suchashowsiteaffinityworks.
Tounderstandthepointofsiteaffinity,consideranorganizationthathasmultiple
locations—we'llsayinSeattle,Washington(codeSEA);Toledo,Ohio(codeTOL);and
NewOrleans,Louisiana(codeMSY).ThereareExchangeserversandusersineachof
theselocations.ThelinksbetweentheselocationsrunoverWANlinksfromSeattleto
ToledoandToledotoNewOrleans;itisneitheroptimalnordesiredtoallowusersin
SeattletouseClientAccessservicesinNewOrleans(orviceversa).Usingsiteaffinity,
wecanusethefollowingcommandstohelpensurethisdoesnothappen:
Set-ClientAccessService-Identity"sea-ex01"
-AutodiscoverServiceInternalURI"https://sea-ex01.contoso.com/
autodiscover/autodiscover.xml"-AutodiscoverServiceSiteScope
"Site-SEA","Site-TOL"
Set-ClientAccessService-Identity"sea-ex02"
-AutodiscoverServiceInternalURI"https://sea-ex02.contoso.com/
autodiscover/autodiscover.xml"-AutodiscoverServiceSiteScope
"Site-SEA","Site-TOL"
Set-ClientAccessService-Identity"tol-ex01"
-AutodiscoverServiceInternalURI"https://tol-ex01.contoso.com/
autodiscover/autodiscover.xml"-AutodiscoverServiceSiteScope
"Site-SEA","Site-TOL","Site-MSY"
Set-ClientAccessService-Identity"tol-ex02"
-AutodiscoverServiceInternalURI"https://tol-ex02.contoso.com/
autodiscover/autodiscover.xml"-AutodiscoverServiceSiteScope
"Site-SEA","Site-TOL","Site-MSY"
Set-ClientAccessService-Identity"msy-ex01"
-AutodiscoverServiceInternalURI"https://msy-ex01.contoso.com/
autodiscover/autodiscover.xml"-AutodiscoverServiceSiteScope
"Site-TOL","Site-MSY"
Set-ClientAccessService-Identity"msy-ex02"
-AutodiscoverServiceInternalURI"https://msy-ex02.contoso.com/
autodiscover/autodiscover.xml"-AutodiscoverServiceSiteScope
"Site-TOL","Site-MSY"
NotethattheSet-ClientAccessServicecmdletreplacestheSet-ClientAccessServer
cmdlet(althoughitstillexists).WhenclientsperformAutodiscover,theywillmatch
onlytherecordsforthoseMailboxserversthatmatchthesitetheyarecurrentlyin.
ClientsinSeattlewillmatchonlytheSEA-EX01,SEA-EX02,TOL-EX01,andTOL-EX02SCP
objects.Becausetherearemultipleobjects,theywillperformtheirinitialdiscoveryto
TOL-EX01(thiswasthelastserverconfigured),whichwillthenreturnURLsforthe
serversintheSeattlesite.
Likewise,clientsinNewOrleanswillmatchonlytheMSY-EX01,MSY-EX02,TOL-EX01,and
TOL-EX02SCPobjects.Becausetherearemultipleobjects,theywillperformtheir
initialdiscoverytoMSY-EX01,whichwillthenreturnURLsfortheserversintheNew
Orleanssite.
ClientsinToledowillmatchallsixSCPobjects.Becausetherearemultipleobjects,
theywillperformtheirinitialdiscoverytoMSY-EX01,whichwillthenreturnURLsfor
theserversintheToledosite.
Ifthesearenottherequiredbehaviors,youshouldtakeacloselookattheExchange
Server2007Autodiscoverwhitepaperathttp://technet.microsoft.com/en-
us/library/bb332063.aspx.AlthoughthispaperisforExchangeServer2007,the
conceptstransfertoExchangeServer2016withoutmuchdamage.
PlanningCertificatesforAutodiscover
TheotherhardpartforAutodiscoverismanagingtherequiredcertificates.After
workingwithanumberofExchangeServer2007deployments,webegantorealize
thatthebiggestdifficultywithAutodiscovercertificateswasinevitablytheneedtouse
astorageareanetwork(SAN)certificate.Whileotherscenariosarepossible(suchas
creatingaseparateAutodiscoverwebsiteonaseparateIPaddressandusingasecond
single-namecertificate)asoutlinedintheExchangeServer2007Autodiscoverwhite
paper,theseoptionsendedupbeingfarmorecomplicatedtorun.
Sowhat'ssodifficultaboutSANcertificates?Wethinkthatmostpeopledon't
understandwhatcertificatesreallyareorhowtheywork.CertificatesandPublicKey
Infrastructures(PKI)areblackmagic—stark-nakedvoodoo—mainlybecausethey've
traditionallybeencomplicatedtodeployandplaywith.GettingevenaninternalPKI
liketheWindowsServer2012R2ActiveDirectoryCertificatesServicesinplaceand
runningcanbehardtomanageunlessyoualreadyknowwhattodoandwhatthe
resultsshouldlooklike.Addtothatthedifficultyofmanagingcertificateswiththe
built-inWindowstools,andmostExchangeServeradministratorsweknowwantto
stayfarawayfromTransportLayerSecurity(TLS)andSecureSocketsLayer(SSL).
AlthoughExchangeServer2016followstheleadofpriorExchangeServerversions
andinstallsself-signedcertificatesoneachnewserver,thesecertificatesarenot
meanttotakeyouintoproductionforallscenarios.It'stechnicallypossibletoleave
theself-signedcertificateonsomeservices,buttheclientaccessserviceabsolutely
requiresthattheself-signedcertificatebereplacedbeforeenteringaproduction
environment.InternalOutlookclientscanusetheself-signedcertificates,butOutlook
doesnotignoreimproperlymatchednamesorexpiredcertificates.InternalOutlook
clientswillnotifytheuserthatthecertificateisfromanuntrustedcertificate
authority.
Externalorweb-basedclientswon'tacceptaself-signedcertificatewithoutyou
manuallyimportingtherootcertificate—whichisahugeadministrativeburdenfor
mobileclients.Forexternallyfacingdeployments,youeitherneedtohaveawell-
managedPKIdeploymentoruseathird-partycommercialcertificateauthority.Make
surethatyouuseonewhoserootandintermediateCAcertificatesarewellsupported
bytheoperatingsystemsanddevicesthatwillbeconnectingtoyournetwork.
TheX.509CertificateStandard
ThedigitalcertificatesthatExchangeServerandotherSSL/TLS-awaresystemsuseare
definedbytheX.509v3certificatestandard.ThisstandardisdocumentedinRFC2459
(andotherrelatedRFCs).TheX.509certificatesweredevelopedaspartoftheX.500
familyofstandardsfromtheOpenSourceInitiativebutprovedtobeusefulenough
thattheywereadoptedbyotherstandardsorganizations.
TheX.509certificatesarebasedontheconceptofprivatekeycryptography.Inthis
system,youhaveanalgorithmthatgeneratesapairofcryptographickeysforeach
entitythatwillbeexchangingencryptedmessagetraffic:aprivatekeythatonlythat
entityknowsandacorrespondingpublickeythatcanbefreelytransmitted.Aslongas
theprivatekeysarekeptsafe,thesystemcanbeusednotonlytosecurelyencrypt
networkcommunicationsandemailmessagesbutalsotoprovethatmessageswere
sentfromtheclaimedsender.Theexclusivityoftheprivatekeyprovides
authenticationaswellassecurity.
Forexample,IfUserAandUserBwanttoexchangeencryptedmessagesusinga
privatekeysystem(S/MIME),here'showitworks:
1. BothUserAandUserBensurethattheyeachhavesecureprivatekeys.Theyhave
exchangedtheircorrespondingpublickeys—maybethroughemail,bysendinga
digitallysignedemail,bypublishingthemontheirwebsites,orbylocatingthemin
ActiveDirectory.
2. UserA,whensendingamessagetoUserB,willuseUserA'sprivatekeytosignthe
messageandUserB'spublickeytoencryptthemessage.Allofthisensuresthat
onlyUserBwillbeabletodecryptthemessageandprovidesauthenticitythatthe
messagecamefromUserA.
3. UserBreceivestheencryptedmessages,validatesthedigitalsignature,anduseshis
privatekeytodecryptthemessage.Thisensuresthatthemessageactuallycame
fromUserA.
WhenUserBreceivesthemessage,heuseshisownprivatekeytodecryptthe
message.IfUserBwantstosendamessagetoUserAinreturn,hesimplyreverses
theprocess.IfUserBlaterneedstoopenthemessageinhisSentItemsfolder,he
wouldusehisprivatekeytodecryptit.
Digitalcertificateshelpstreamlinethisprocessandexpanditformoreusesthanjust
messageencryptionbyprovidingaconvenientwrapperformatforthepublickeysplus
someassociatedmetadata.Forourpurposes,though,we'reconcernedaboutusing
certificatesforserverauthenticationandestablishingthesymmetricshared-session
keyfortheTLSsession.
InWindows,youcanviewdigitalcertificates,examinetheirproperties,andvalidate
thecertificatechainthroughtheMMC.AlthoughWindowsdoesn'tincludea
preconfiguredCertificateconsole,itdoesincludetheCertificatessnap-in.Openan
instanceofMMC.exeandaddtheCertificatessnap-in,configuredforthelocalmachine,
asshowninFigure6.4.Youcannowviewandmanagetheservercertificatesthatwill
beusedbyExchangeServer.
Figure6.4TheCertificatesMMCsnap-in
WhileyoucanviewthepropertiesofacertificateusingtheCertificateconsole,all
certificatesthatareusedbyExchangeServer(forHTTPS,SMTP,UMCallRouter,
IMAP,orPOP)shouldbemanagedusingeithertheExchangeAdminCenterorthe
ExchangeManagementShell.
Let'stakealookatthetypicalpropertiesofanX.509v3digitalcertificateas
provisionedforExchangeServer:
SubjectNameThispropertyprovidestheidentityoftheentitytowhichthe
certificateapplies.ThiscanbeinX.500format,whichlookslikeLDAP,orinDNS
formatifintendedforaserver.
SubjectAlternativeNameThisisanoptionalpropertythatlistsoneormore
additionalidentitiesthatwillmatchthecertificate.IfthehostnameintheURL
thattheclientattemptstoconnecttodoesn'tmatchthesubjectnameorsubject
alternativenameproperties,thecertificatewillnotvalidate.Withoutthisproperty,
acertificatecanmatchonlyasinglehostname.
CommonNameAlsoknownasthefriendlyname,thispropertyprovidesauseful
texttagforhandlingandmanagingthecertificateonceyouhaveacollectionof
them.
IssuerThispropertyliststheidentityoftheissuingcertificateauthority(CA).
ThiscanbearootCAoranintermediateCA.Combinedwiththedigitalsignature
fromtheCA'sowndigitalsignature,thispropertyallowsestablishmentofthe
certificatechainoftrustbacktotherootCA.WhatdistinguishesarootCA?The
factthatthisproperty(plussignature)isself-signed.
SerialNumberThispropertyallowsthecertificatetobeeasilypublishedona
certificaterevocationlist(CRL)bythecertificateauthorityifthecertificatehas
beenrevoked.Thelocation(s)oftheCRLisusuallyincludedontheissuer's
certificate.ThisistypicallyaURL.Manyapplications,includingOutlook,attempt
tocheck(directlyorindirectlyusingWindowsCAPI2)theCRLtoverifythatthe
certificatehasbeenrevoked.
ThumbprintThisproperty(andthecorrespondingthumbprintalgorithm)isa
cryptographichashofthecertificateinformation.Thisthumbprintiscommonly
usedbyExchangeServerasaneasyidentifierforcertificates.
ValidFromandValidToThesepropertiesdefinetheeffectivedurationofthe
certificate.Theyareevaluatedaspartofthecertificatevalidation.
PublicKeyThispropertycontainstheentity'sassociatedcryptographicpublic
key.Thecorrespondingprivatekeyisneverviewedwiththecertificate.
TheCertificatePathtabofthepropertiesdialogboxdisplaysthecertificatetrustchain
andverifiesthattheproperCAcertificatesareinstalled.Wheninstallingathird-party
oraninternallygeneratedcertificate,itisessentialthattheExchangeservertrustsall
certificatesinthecertificatechain,similarlytothecertificatevalidationthatoccurson
aclientcomputer.Thetrustchainusesasimpletransitivelogicfortrusting
certificates.Certificatesareissuedbycertificationauthoritiesthatarealreadytrusted
bytheExchangeservers.Or,asitwasdescribedtomeincollege,ifyoutrustyour
father,andyourfathertrustshisfather,thenyouautomaticallytrustyour
grandfather.
DeployingExchangeCertificates
Nowthatwe'vetalkedaboutcertificatesingeneral,let'sdiveintotheissuesofgetting
themdeployedonyourExchangeServer2016servers.
PlanningCertificateNames
ThefirstpartofcreatingdigitalcertificatesforyourExchangeServer2016serversis
decidingwhichnamesyouneed.Fortheclientaccessservice,it'shighlyrecommended
thatyouaccepttheneedforaSANcertificate.AlthoughSANcertificatesaremore
expensivethansingle-namecertificates,youcanoftenconfigurethemsothatyoucan
reusethemonmultipleservers.Otherwise,youneedtousealotofsingle-name
certificates—potentiallywithmultiplewebsitesandvirtualdirectoriesonyour
Exchangeserverinstances.Thiscanbecomeanoverwhelmingamountofoperational
overhead.
Sure,youcanusewildcardcertificatesforsomescenarios,suchasOutlookand
WindowsPhones.Thewildcardcertificateisissuedforanentiredomain,suchas
*.contoso.com.Thiscertificatecouldthenbeusedbymultipleserversandsites.
Naturally,wildcardcertificatesareusuallymoreexpensivethancertificatesissuedfor
asinglehost.Beaware,also,thatnotallclients(suchasearlierWindowsMobile
phones)willrecognizewildcardcertificates.TheExchangeServerproductgroupdoes
notrecommendwildcardcertificates,andneitherdowe.Theypresentabiggerrisk
thanSANcertificates,whichpointtospecificnamedresources.Thatbeingsaid,for
smallorganizationsthatdonothavesignificantsecurityconcerns,awildcard
certificatecansometimesbeasimpleroveralldeploymentoption.
Let'stakethethree-sitecontoso.comexamplefromearlierinthischapterandsomeof
thefactorstoconsiderwhenrequestingcertificates:
ForInternetconnectivity,asinglesitewillactasthegatewayforallinbound
Internetconnectivity.ThatsitewillhosttheinitialAutodiscoverserviceand,
therefore,thedomainnameautodiscover.contoso.com.
We'llusetheFQDNmail.contoso.comasourgenericexternalaccessname.We
don'tneedtouseaseparatedomainnameforthis—wecouldeasilyuse
autodiscover.contoso.com,butusersareaccustomedtoaneasier-to-understand
name.
HavingtwonamescouldmeaneithermultipleIPaddressesandwebsitesoraSAN
certificate.Wedon'twanttoincurtheoverheadofmultiplecertificatesand
websites,sowewilluseaSANcertificate.Wecanissueasinglecertificateforall
theClientAccessserversateachsite.We'llincludetheFQDNsofeachofthe
serversintheSAN.MostcommercialCAshaveapriceincreaseafterfivenameson
aSANcertificate,soyouneedtokeepthatinconsideration.Butalwaysconsiderall
theplacesyoumaywanttouseacertificate,suchasonmultipleClientAccess
serversforloadbalancing.
So,ifwehavemultiplesites,thecertificatewillrequirethedistinctivenamesofthe
locations(suchascanada.contoso.comandeurope.contoso.com),aswellas
mail.contoso.comandautodiscover.contoso.com.Wedon'tneedtoincludethe
NetBIOSnamesofourservers—ExchangeServeranditsclientsdon'tusethemunless
wechoosetoconfigurethemotherwise.
Asyoustartrequestingcertificates,itisimportanttonotethatpoornamespace
planningorseparateinternalnamespaces(suchascontoso.comforexternalclientsbut
contoso.localforinternalclients)willresultinmorecomplexcertificate
requirements.Ensurethatyouhavecarefullythoughtouttheinternalandexternal
URLrequirementsasyouareplanningyourExchangeServer2016deployment.
Somethingtowatchforisthatyousetthecommonnametobethepreferredname
thatuserswillaccessthemostandtheonethatisseenonthefirstpropertiespage,so
inourexamplewewouldmostprobablyselectmail.contoso.comasthecommon
nameinthecertificate.
IssuingandEnablingCertificateswithExchangeAdminCenter
InExchangeServer2007andExchangeServer2010,youhadtodoallyourcertificate
requestsandimportseitherthroughtheCertificateMMCsnap-in(whichwasapain)
orthroughtheEMS.InExchangeServer2013andExchangeServer2016,ifyouclick
theServersnodeintheEAC,youcanview,manage,andevenrequestnewcertificates
foryourExchangeservers.
WhenyougothroughtheExchangeCertificateWizardtorequestanewcertificate,it
willpromptyouforavarietyofinformation.Forexample,ononepageofthewizard,
youneedtospecifythedomain(s)forwhicheachaccesstypeisavailable.For
example,youmayselectOutlookWebApp(thisrepresentsOutlookontheweb
althoughthewordinghasnotbeenupdatedintheEACyet)andExchangeActiveSync
forcontoso.com.
Onthenextpageofthewizard,youwillseethedifferenttypesofnamesthatyoucan
includeinyourcertificaterequest.Forexample,wecouldaddmail.contoso.comand
nyc-ex1.contoso.comtopopulatetheSANnames.
NoteinFigure6.5thatthisserver'sinternalOutlookontheweb(shownasOutlook
WebAppintheExchangeCertificatescreen)nameisnyc-ex1.contoso.comandthe
externalnameismail.contoso.com.Forsomeofthesefields,theNewExchange
CertificateWizardismakinga“bestguess”atthecorrectnames,butyouwillneedto
fillinsomeoftheothersmanually,dependingonyournamingpreferencesandwhat
youhaveconfiguredinDNS.
Figure6.5Viewingthedomainstobeincludedinthecertificaterequest
InFigure6.6,youcanseetheCertificateDomainspage;thispageallowsyouto
specifyadditionalfullyqualifieddomainnamesthatwillshowupinthecertificate
request.Thewizardismakinganother“bestguess”forthiscertificaterequestby
addingalloftheaccepteddomainsaswell.Youmaywanttocheckthatthehostname
Autodiscoverispresentforeachofthesedomainnames.
Figure6.6TheCertificateDomainsWizardPage
TheOrganizationandLocationpageofthewizardrequestsinformationthatmost
administratorswhohavealreadyconfiguredacertificaterequestwillrecognize.This
includestheorganizationinformation,department,city,state,andcountry.
Onthelastpageinthewizardyoumustprovideanameandpathwherethecertificate
requestfilewillbecreated.Thecompletionofthiswizardwillexecutetherelevant
cmdletforyou.Inthiscase,thecmdletNew-ExchangeCertificateisbeingrun,suchas
isshownhere:
New-ExchangeCertificate
{PrivateKeyExportable=True,FriendlyName=mail,
SubjectName=System.Security.Cryptography.X509Certificates.X500DistinguishedName,
DomainName={ex1.contoso.com,mail.contoso.com,EX1},
RequestFile=\\nyc-ex1\c$\cert.req,GenerateRequest=True,Server=NYC-EX1,
KeySize=2048}
(Thiscmdletcomes,ofcourse,withGet-andSet-partnersaswell,toviewand
configurethecertificate.)
Youcannowsubmittoacertificateauthoritythecontentsofthefilethatwascreated.
Onceyouhavereceivedbackasignedcertificate,youusetheCompletePending
RequestWizardtocompletetheprocess.StartthisbyclickingCompletenexttothe
certificateshowingapendingstate.Thiswizardwillloadthesignedcertificateintothe
certificatestoreontheappropriateserver.
Thefinalprocessafterthecertificateisfullyloadedistoassignthecertificatetobe
usedbytheappropriateservices(suchasSMTPorIIS).Selectthecertificateinthe
workpane,clicktheEditbuttononthetoolbar,andselecttheServicesnodeonthe
left.OntheServicesnodeofthewizard(showninFigure6.7),selecttheappropriate
services.WhenyouselectInternetInformationServices(IIS),theyincludeOutlook
ontheweb,theExchangeAdminCenter(EAC),theExchangeControlPanel(ECP),
ExchangeWebServices(EWS),andActiveSync.Notethataservicecanbeassignedto
onlyonecertificateatatime.
Figure6.7Selectingservicesthatwillusethecertificate
AWordofWarning
Whichevertoolyouusetorequestcertificatesshouldbethetoolyouuseto
importthem.Althoughyoushouldbeabletomixandmatchthemintheory,
we'veseenoddresultsinpractice.Also,don'tusetheCertificateWizardinIISto
requestExchangeServercertificates,especiallyifyouneedSANcertificates.Stick
totheExchangeServertoolsforcertificatemanagementandalsoforrenewals;
thenon–ExchangeServertoolswillnotinstallcertificatesormanagecertificates
intheappropriatelocationsorintheappropriatemanner.
IssuingandEnablingCertificateswithEMS
AlthoughExchangeServer2016providesanExchangeAdminCenterinterfacefor
managingcertificates,youcanstillmanagecertificatesthroughtheEMS.Ifyouhave
donethisinthepastwitholderversionsofExhangeServer,youmighthavetolearna
fewnewtricksinordertoworkwithcertificatesfromtheEMS.Becauseoftheway
PowerShellworksviaremotingnow,youcannolongerspecifyapathforacertificate
requestfile.Instead,thecertificaterequestisoutputtotheshell,soyoumustcapture
thattoavariable.Here'sthecommandyouwouldissuetogenerateacertificate
requestfortheURLmail.contoso.comandcaptureittothe$Datavariable:
$Data=New-ExchangeCertificate-GenerateRequest-SubjectName"c=US,
o=Contoso,cn=mail.contoso.com"-DomainNamecontoso.com
PrivateKeyExportable$true
Next,weneedtotakeoutputthevaluestoredinthe$Datavariabletothefile
c:\CertRequest.requsingthiscommand:
Set-Content-path"C:\Docs\MyCertRequest.req"-Value$Data
HerearethedetailsoftheNew-ExchangeCertificatecmdlet(discussedearlier,inthe
section“IssuingandEnablingCertificateswithExchangeAdminCenter”):
GenerateRequestThisparametertellsExchangeServertogenerateacertificate
request.Hadweleftitoff,thecommandwouldhavegeneratedanewself-signed
certificate.That'susuallynotwhatyouwant.Thisrequestissuitableforeitheran
internalPKIoracommercialCA.
PrivateKeyExportableThisparameterisextremelyimportantandisthecauseof
mostcertificateheadacheswe'veseen.Whenacertificaterequestisgenerated,it
includesthepublickey,buttheprivatekeystaysinthesecureWindowscertificate
store.IftheCAisconfiguredtoallowexportoftheprivatekey,therequestmust
explicitlyaskfortheprivatekeytobeexportableinthefirstplace.Ifthis
parameterwasn'tincludedorwassetto$false,wewouldn'tbeabletoexportthe
certificate'sprivatekeytoimporttotheotherCASinstanceorontotheexternal
firewall,whichisoftendone.
FriendlyNameThisparameterissetforadministrativeconvenience.Ifwehave
multiplecertificatesissuedtothemachine,itallowsustoidentifythecertificate
withwhichwe'redealing.
DomainNameThisparameterallowsustosetoneormoredomainnames.Ifwe
specifymorethanone,ExchangeServerwillautomaticallycreateandpopulatethe
SANpropertywithalltherequestedhostnamesandsetthesubjectnameofthe
certificatetothefirsthostnameinthelist.Althoughthecmdletprovidesadditional
parameterstoexplicitlysetthesubjectandalternatenames,youdon'tneedthem.
Asuccessfulrunofthecmdletwillgeneratetherequestoutputandathumbprintof
therequest.SubmittherequesttoyourCA,downloadthecorrespondingcertificate,
andthenimportthecertificatebackonthesamemachine,asinthefollowing
example:
Import-ExchangeCertificate-FileData$(Get-Content
-Pathc:\CertImport.pfx-Encodingbyte)
-Password:(Get-Credential).password
Thiscmdletwillimportthesavedcertificateifitmatchesapendingrequestandprint
outthethumbprintofthenewlyimportedcertificate.Ensurethatyoulookafterthe
PFXfilethatisusedhere.We'veseenadministratorsleavingthisonthedesktopor
theC:driveofExchangeservers.Bestpracticeisnottostoreacopyofthisonthe
serveritself.Byallmeanskeepacopyinasafeplaceifitwillnotbepossibleor
convenienttodownloadacopyinthefuture.
Y
oucannowviewthecertificateintheCertificatessnap-ininMMCorfromthe
certificatemanagementfunctionalityintheExchangeAdminCenter.Fromhereyou
canviewthedetailsaboutthecertificate,suchasthethumbprint,SANnames,and
w
hichservicesthecertificateisassignedto,asshowninFigure6.8.
Figure6.8
Viewingcertificateproperties
ThefinalstepistoenableExchangeServerservicesagainstthecertificate:
Enable-ExchangeCertificate-Thumbprint<certificatethumbprint>
-Services<services>
<services>isacomma-separatedlistofoneormoreofthefollowingvalues,
dependingontheprotocolsyouhaveenabledandtherolesyouhaveinstalled:
SMTPForusewithSMTP+TLSforfront-end/back-endtransportservices.
UMCallRouterForusewiththeUnifiedMessagingservices'callrouterand
connectingtotheClientAccessserver.
UMForusewithgeneralUnifiedMessagingservices.
FederationForusewhenconfiguringfederatedserviceswiththeMicrosoft
FederationGateway.(Youcannotassignthisservicewiththiscmdlet;itis
configuredwhenconfiguringafederatedtrust.)
IISForusewithclientaccess,includingAutodiscover.
IMAPForusewithclientaccessusingtheIMAPclientprotocol.
POPForusewithclientaccessusingthePOP3clientprotocol.
TheBottomLine
WorkwithAutodiscover.AutodiscoverisakeyserviceinExchangeServer
2016,bothforensuringhassle-freeclientconfigurationandforkeepingthe
Exchangeserversinyourorganizationworkingtogethersmoothly.Autodiscover
canbeusedbyOutlook2010,Outlook2013,Outlook2016,Entourage,Outlookfor
Mac2016,WindowsMobile/WindowsPhone,andothermobiledeviceslike
Android,iOS,andevenWindowsRTdevices.
MasterItYouareconfiguringOutlook2016toconnecttoExchangeServerand
youwanttodiagnoseaproblemthatyouarehavingwhenconnecting.Which
toolcanyouuse?
TroubleshootAutodiscover.InalargeorganizationwithmultipleActive
Directorysitesormultiplenamespaces,itisessentialtotracktheAutodiscover
trafficandunderstandwhereclientquerieswillbedirected.
MasterItIfyouhavemultipleActiveDirectorysites,whatshouldyoudoto
controltheclientflowofrequestsforAutodiscoverinformation?
ManageExchangeServercertificates.ExchangeServer2016serversrelyon
functionalX.509v3digitalcertificatestoensureproperTLSsecurity.
MasterItWhichtoolswillyouneedtocreateandmanageExchangeServer
certificates?